"VMware Patches Critical SQL-Injection Flaw in Aria Automation"

VMware recently pushed out patches for a high-risk SQL injection vulnerability in its Aria Automation product and warned that an authenticated malicious user could target the flaw to manipulate databases. The company noted that the vulnerability, tracked as CVE-2024-22280, allows unauthorized read and write operations in the database through specially crafted SQL queries. The bug carries a CVSS severity score of 8.5/10. The affected products include VMware Aria Automation version 8.x and VMware Cloud Foundation versions 5.x and 4.x. VMware said the bug was privately reported by researchers at Quebec’s Centre Gouvernemental de Cyberdéfense (CGCD).

 

SecurityWeek reports: "VMware Patches Critical SQL-Injection Flaw in Aria Automation"

Submitted by Adam Ekwall on