This morning we announced VMSA-2024-001 with the following Synopsis:
VMware Aria Automation (formerly vRealize Automation) updates address a Missing Access Control vulnerability (CVE-2023-34063)
The fix is addressed in Aria Automation 8.16, which requires Aria Suite Lifecycle Manager 8.14 PSPack 4, which is now GA. Go to Lifecycle Operations - Settings - Product Support Pack - CHECK SUPPORT PACKS ONLINE and get it.
Once applied, download Aria Automation 8.16 via Lifecycle Operations - Settings - Binary Mapping - Product Binaries - ADD BINARIES and either discover via My VMware or upload them manually, I'm downloading mine from My VMware.
![](https://static.wixstatic.com/media/b4065e_79a3cf05d4fc4b4dbb98e6cad1310539~mv2.png/v1/fill/w_49,h_33,al_c,q_85,usm_0.66_1.00_0.01,blur_2,enc_auto/b4065e_79a3cf05d4fc4b4dbb98e6cad1310539~mv2.png)
Once downloaded we can upgrade. Go to Lifecycle Operations - Environments - select your environment - VMware Aria Automation - UPGRADE.
![](https://static.wixstatic.com/media/b4065e_6329b22dad34492d81459e51441277be~mv2.png/v1/fill/w_49,h_20,al_c,q_85,usm_0.66_1.00_0.01,blur_2,enc_auto/b4065e_6329b22dad34492d81459e51441277be~mv2.png)
Click UPGRADE and work your way through the prompts.
Upgrade to Aria Automation 8.16 complete and VMSA-2024-0001 has been addressed. If your impatient like I am and want to follow along at home you can always SSH into your Automation VM and run the following command to get updates: vracli upgrade status --follow. Thanks for the pro-tip Coz!