VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: vmware
Published: 2024-07-11T04:39:09.353Z
Updated: 2024-08-01T22:43:34.225Z
Reserved: 2024-01-08T18:43:18.959Z
Link: CVE-2024-22280
Vulnrichment
Updated: 2024-08-01T22:43:34.225Z
NVD
Status : Analyzed
Published: 2024-07-11T05:15:10.123
Modified: 2024-07-12T17:01:29.947
Link: CVE-2024-22280
Redhat
No data.