Vulnerability Monitor


CVE-2024-38814


An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager. Updates are available to remediate this vulnerability in affected VMware products.


Published

2024-10-16T17:15:16.237

Last Modified

2024-10-21T18:20:53.267

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-89
  • Type: Primary
    CWE-89

Affected Vendors & Products
Type         Vendor   Product      Version/Range   Vulnerable?
Application  vmware   vmware_hcx   ≤ 4.8.2         Yes
Application  vmware   vmware_hcx   ≤ 4.9.1         Yes
Application  vmware   vmware_hcx   4.10.0          Yes
