What's this about?
CVE-2023-34063 details a missing access control vulnerability that impacts Aria Automation
VMware's response to this vulnerability is documented in VMSA-2024-0001
Please ensure that you have reviewed VMSA-2024-001
How do i remediate?
All versions of Aria Automation 8.11.x, 8.12.x, 8.13.x and 8.14.x are impacted by this vulnerability
Customers running versions of Aria Automation that are passed their end of general support date are recommended to upgrade to a supported version and then mitigate this issue
VMware Aria Suite Lifecycle has released 8.14 PSPACK 4 to support VMware Aria Automation 8.16 and Orchestrator 8.16
If your on Suite Lifecycle 8.12 , then apply Patch 2 or 3 before upgrading your environment to Suite Lifecycle 8.14. Patch 3 was released last week.
Click on this link to understand why it's so important to do so.
Available both online and offline modes. Here's the Release Notes Link
There are patches released for previous versions of Automation which are under support and that's documented in this KB Article 96098
Above stated KB article is your bible, it has all information needed
Leave a message if there are any further queries. Will try to answer.