VMware HCX Authenticated SQL Injection Vulnerability
Key Information
- Vendor: VMware
- Status
- VMware HCX
- CVE Published: 16 October 2024
Summary
VMware HCX is affected by a high-severity SQL injection vulnerability, tracked as CVE-2024-38814. An authenticated user with non-admin rights could exploit the flaw to execute unauthorized remote code on the HCX manager. The vulnerability was privately reported to VMware and impacts multiple versions of the HCX platform. Updates are available to remediate it in affected VMware products.
News Articles
VMware fixes high-severity SQL injection CVE-2024-38814 in HCX
VMware fixes a high-severity SQL injection flaw in HCX allowing non-admin users to remotely execute code on the HCX manager.
2 weeks ago
VMware Patches High-Severity SQL Injection Flaw in HCX Platform
VMware patches CVE-2024-38814 and warns that attackers with non-administrator privileges can execute remote code on the HCX manager.
2 weeks ago
Timeline
- Exploit exists.
- First article discovered by SecurityWeek
- Vulnerability published.