www.helpnetsecurity.com
35.160.151.203  Public Scan

URL: https://www.helpnetsecurity.com/2024/01/18/cve-2023-34063/
Submission: On January 18 via api from TR — Scanned from DE

Text Content

Zeljka Zorz, Editor-in-Chief, Help Net Security
January 18, 2024


VMWARE: PLUG CRITICAL ARIA AUTOMATION HOLE IMMEDIATELY! (CVE-2023-34063)



A critical vulnerability (CVE-2023-34063) affecting VMware Aria Automation and
VMware Cloud Foundation can be exploited by attackers to gain access to remote
organizations and workflows, VMware has warned.



The company is not aware of any “in the wild” exploitation of this flaw – for
now. Patches are available and VMware recommends upgrading to VMware Aria
Automation 8.16.

“This situation qualifies as an emergency change, necessitating prompt action
from your organization,” they added.


ABOUT CVE-2023-34063

VMware Aria Automation (formerly vRealize Automation) is a multi-cloud
infrastructure automation platform, and is included in the VMware Cloud
Foundation hybrid cloud platform.

CVE-2023-34063, a missing access control vulnerability, was privately reported
by the Scientific Computing Platforms team of CSIRO, the Australian
government agency for scientific research. To exploit it, attackers must have
low privileges (must be authenticated), but can trigger the flaw without any
user interaction.

It affects all Aria Automation versions prior to v8.16 and VMware Cloud
Foundation versions 5.x and 4.x.

It does not affect VMware vCenter Server, VMware ESXi, Aria Orchestrator, or
Aria Automation Cloud.


WHAT TO DO?

“To apply the patch, your system must be running the latest version of the major
release. For example, if your system is on Aria Automation 8.12.1, you must
first update to 8.12.2 before applying the patch,” the company explained.

“If you choose a different version instead of upgrading to version 8.16, it is
important to note that the only supported upgrade path after applying the patch
is to version 8.16. VMware strongly recommends this version. If you upgrade to
an intermediate version, the vulnerability will be reintroduced, requiring an
additional round of patching.”

There are no workarounds available, but VMware says that depending on their
security posture, defense-in-depth strategies, and the configurations of
perimeter and appliance firewalls, organizations might implement some
mitigations and compensating controls.





© Copyright 1998-2024 by Help Net Security