vRealize Automation - vRA · January 16, 2024 0

Addressing Critical Security Vulnerability in Aria Automation: Action Steps and Recommendations (VMSA-2024-0001)

Introduction: We want to draw attention to a significant security vulnerability impacting Aria Automation, specifically CVE-2023-34063.

This vulnerability, related to a missing access control, has been highlighted in VMware’s Security Advisory VMSA-2024-0001.

Key Points:

  1. Understanding the Vulnerability:

    • CVE-2023-34063 details a missing access control vulnerability affecting Aria Automation.
    • VMware’s official response and documentation for this vulnerability can be found in VMSA-2024-0001.
  1. Who is Affected:

    • All versions of Aria Automation 8.11.x, 8.12.x, 8.13.x, and 8.14.x are impacted by this security vulnerability.
  1. Recommended Actions:

    • Customers using versions of Aria Automation beyond their end of general support date are advised to upgrade to a supported version.
    • VMware Aria Suite Lifecycle has released 8.14 PSPACK 4 to support VMware Aria Automation 8.16 and Orchestrator 8.16.
  1. Important Note for Suite Lifecycle 8.12 Users:

    • If you are currently on Suite Lifecycle 8.12, it is recommended to apply Patch 2 or 3 before upgrading to Suite Lifecycle 8.14. Patch 3, released recently, is crucial for addressing the vulnerability.
  1. Additional Resources:

    • Understand the importance of these actions by visiting [Link].
    • Release Notes for the latest update are available [Link].
  1. Comprehensive Information in KB Article 96098:

    • Refer to KB Article 96098 as your go-to resource, containing detailed information about patches released for previous versions of Automation under support.

Conclusion: Your prompt attention to these security measures is essential to safeguard your environment. Stay informed, follow the recommended actions, and use the provided resources to ensure the integrity of your Aria Automation setup.

Remember, security is a shared responsibility, and proactive steps today can prevent potential risks tomorrow.