VMware HCX Authenticated SQL Injection Vulnerability
CVE-2024-38814

8.8HIGH

Key Information:

Vendor
VMware
Status
Vmware Hcx
Vendor
CVE Published:
16 October 2024

Badges

πŸ‘Ύ Exploit ExistsπŸ“° News Worthy

Summary

The article discusses a high-severity SQL injection vulnerability in VMware HCX, tracked as CVE-2024-38814, which allows non-admin users to execute remote code on the HCX manager. The vulnerability was privately reported to VMware, impacting multiple versions of the HCX platform. An authenticated user with non-admin rights could exploit the flaw and execute unauthorized remote code on the HCX manager. The article also mentions that updates are available to remediate this vulnerability in affected VMware products.

News Articles

favicon imageSecurity Affairs

VMware fixes high-severity SQL injection CVE-2024-38814 in HCX

VMware fixes a high-severity SQL injection flaw in HCX allowing non-admin users to remotely execute code on the HCX manager.

3 months ago

favicon imageSecurityWeek

VMware Patches High-Severity SQL Injection Flaw in HCX Platform

VMware patches CVE-2024-38814 and warns that attackers with non-administrator privileges can execute remote code on the HCX manager.

3 months ago

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered by SecurityWeek

  • Vulnerability published

.