CVE-2023-34063
First published: Tue Jan 16 2024(Updated: )
Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Aria Automation | =8.11.0 | |
| VMware Aria Automation | =8.11.1 | |
| VMware Aria Automation | =8.11.2 | |
| VMware Aria Automation | =8.12.0 | |
| VMware Aria Automation | =8.12.1 | |
| VMware Aria Automation | =8.12.2 | |
| VMware Aria Automation | =8.13.0 | |
| VMware Aria Automation | =8.13.1 | |
| VMware Aria Automation | =8.14.0 | |
| VMware Aria Automation | =8.14.1 | |
| VMware Cloud Foundation | =4.0 | |
| VMware Cloud Foundation | =5.0 | |
| Atlassian Confluence Server/Data Center | =8 | |
| Atlassian Confluence Server and Data Server | =8 | |
| Atlassian Jira Software Data Center | =8.20.0 | |
| Atlassian Jira Software Data Center | =9.4.0 | |
| Atlassian Jira Software Data Center | =9.5.0 | |
| Atlassian Jira Software Data Center | =9.6.0 | |
| VMware Aria Automation | =8.16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-34063?
CVE-2023-34063 has a high severity rating due to its exploitation potential leading to unauthorized access.
How do I fix CVE-2023-34063?
To fix CVE-2023-34063, apply the latest security patches provided by VMware and Atlassian for affected software products.
What software products are affected by CVE-2023-34063?
CVE-2023-34063 affects products such as VMware Aria Automation and certain versions of Atlassian Confluence and Jira Software Data Center.
Who can exploit CVE-2023-34063?
An authenticated malicious actor can exploit CVE-2023-34063 to gain unauthorized access.
What does the vulnerability CVE-2023-34063 entail?
CVE-2023-34063 involves a Missing Access Control vulnerability, allowing unauthorized access to remote organizations and workflows.
- collector/mitre-cve
- source/MITRE
- agent/type
- agent/first-publish-date
- agent/author
- agent/description
- agent/references
- collector/the-register
- source/The Register
- alias/CVE-2023-22527
- alias/CVE-2020-25649
- alias/CVE-2023-34063
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/news-ai
- agent/software-canonical-lookup-request
- vendor/vmware
- canonical/vmware aria automation
- version/vmware aria automation/8.11.0
- version/vmware aria automation/8.11.1
- version/vmware aria automation/8.11.2
- version/vmware aria automation/8.12.0
- version/vmware aria automation/8.12.1
- version/vmware aria automation/8.12.2
- version/vmware aria automation/8.13.0
- version/vmware aria automation/8.13.1
- version/vmware aria automation/8.14.0
- version/vmware aria automation/8.14.1
- canonical/vmware cloud foundation
- version/vmware cloud foundation/4.0
- version/vmware cloud foundation/5.0
- vendor/atlassian
- canonical/atlassian confluence server/data center
- version/atlassian confluence server/data center/8
- canonical/atlassian confluence server and data server
- version/atlassian confluence server and data server/8
- canonical/atlassian jira software data center
- version/atlassian jira software data center/8.20.0
- version/atlassian jira software data center/9.4.0
- version/atlassian jira software data center/9.5.0
- version/atlassian jira software data center/9.6.0
- version/vmware aria automation/8.16