VMware · VMware Aria Automation · CVE-2024-22280
**Name of the Vulnerable Software and Affected Versions**
VMware Aria Automation versions 8.x
**Description**
The product does not correctly validate input, which allows SQL injection. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorized read/write operations in the database.
**Recommendations**
For VMware Aria Automation version 8.x, apply the available patches to address the SQL-injection vulnerability. As a temporary workaround, consider restricting access to the database to minimize the risk of exploitation.