CVE-2025-22249
- EPSS 0.07%
- Published 13.05.2025 05:08:03
- Last modified 11.07.2025 14:27:30
VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a mali...
CVE-2025-22215
- EPSS 0.09%
- Published 08.01.2025 07:15:28
- Last modified 08.01.2025 15:15:21
VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. A malicious actor with "Organization Member" access to Aria Automation may exploit this vulnerability enumerate internal services running on the host/network.
CVE-2024-22280
- EPSS 1.41%
- Published 11.07.2024 05:15:10
- Last modified 14.03.2025 19:15:44
VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.
CVE-2023-34063
- EPSS 0.17%
- Published 16.01.2024 10:15:07
- Last modified 21.11.2024 08:06:30
Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.