{"vulnerability": "CVE-2024-22280", "sightings": [{"uuid": "ec97e6a5-b8c9-478c-a222-b5f3dd1a56e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22280", "type": "seen", "source": "https://t.me/cKure/13263", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 VMware has fixed the critical SQL injection vulnerability CVE-2024-22280 (CVSS 8.5) in Aria Automation.\n\nVMware Aria Automation is a modern cloud automation platform that simplifies and streamlines the deployment, management and governance of cloud infrastructure and applications.\n\nIt provides a unified platform for automating tasks across multiple cloud environments, including VMware Cloud on AWS, VMware Cloud on Azure, and VMware Cloud Foundation.\n\nAn authenticated attacker could exploit the vulnerability by injecting specially crafted SQL queries and performing unauthorized read/write operations on the database.\n\nDiscovered by researchers at the Canadian Government Cyber Defense Center (CGCD), the vulnerability affects VMware Aria Automation version 8.x and Cloud Foundation versions 5.x and 4.x.\n\nVMware states that there are no workarounds for this issue and patches are recommended to resolve CVE-2024-22280.", "creation_timestamp": "2024-07-11T22:32:12.000000Z"}, {"uuid": "0c216e05-08f8-4a91-8e32-4835f1db0131", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22280", "type": "seen", "source": "https://t.me/thehackernews/5237", "content": "\u26a0\ufe0f GitLab has patched a critical vulnerability (CVE-2024-6385) with a CVSS score of 9.6, allowing attackers to run pipeline jobs as any user. \n \nAlso, Citrix updates for CVE-2024-6235, & Broadcom addresses flaws in VMware Cloud Director (CVE-2024-22277) & Aria Automation (CVE-2024-22280). 
\n \nLearn more: https://thehackernews.com/2024/07/gitlab-patches-critical-flaw-allowing.html \n \nDon't wait \u2013 secure your development environment now.", "creation_timestamp": "2024-07-11T05:53:00.000000Z"},
{"uuid": "2c79553b-efa4-4cff-ad4c-fc8c44658891", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22280", "type": "seen", "source": "https://t.me/true_secator/5961", "content": "VMware has fixed a critical SQL injection vulnerability, CVE-2024-22280 (CVSS 8.5), in Aria Automation.\n\nVMware Aria Automation is a modern cloud automation platform that simplifies and streamlines the deployment, management and governance of cloud infrastructure and applications.\n\nIt provides a unified platform for automating tasks across multiple cloud environments, including VMware Cloud on AWS, VMware Cloud on Azure and VMware Cloud Foundation.\n\nAn authenticated attacker can exploit the vulnerability by entering specially crafted SQL queries and performing unauthorized read/write operations in the database.\n\nDiscovered by researchers at the Canadian Government Cyber Defense Center (CGCD), the vulnerability affects VMware Aria Automation version 8.x and Cloud Foundation versions 5.x and 4.x.\n\nVMware states that there are no workarounds for this issue; applying the patches is recommended to resolve CVE-2024-22280.", "creation_timestamp": "2024-07-11T20:47:28.000000Z"},
{"uuid": "b098c36f-ad68-4955-b4bf-b756abf1b7ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22280", "type": "seen", "source": "https://t.me/cvedetector/632", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-22280 - VMware Aria Automation does not apply correct inpu\", \n  \"Content\": \"CVE ID : CVE-2024-22280 \nPublished : July 11, 2024, 5:15 a.m. | 34\u00a0minutes ago \nDescription : VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product.\u00a0An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database. \nSeverity: 8.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-11T07:51:48.000000Z"}]}