CVE-2024-22280 | THREATINT

Description

VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.

PUBLISHED Reserved 2024-01-08 | Published 2024-07-11 | Updated 2025-03-14 | Assigner vmware

HIGH: 8.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Product status

Default status

unaffected

8.x (8.17.0) before 8.17.0

affected

References

support.broadcom.com/...l/content/SecurityAdvisories/0/24598

cve.org (CVE-2024-22280)

nvd.nist.gov (CVE-2024-22280)

Download JSON

help @ threatint.eu