Description
VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. A malicious actor with "Organization Member" access to Aria Automation may exploit this vulnerability enumerate internal services running on the host/network.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Affected products
- VMware / Vmware Aria Automation8.x – 8.18.1 patch 1
- VMware / VMware Cloud Foundation (VMware Aria Automation)5.x – 8.18.1 patch 1
- VMware / VMware Cloud Foundation (VMware Aria Automation)4.x – 8.18.1 patch 1