cvebase
CVE-2024-38814
published 2024-10-16

Priority: P2 68
Severity: high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 14.56% (96.2th percentile)

An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager. Updates are available to remediate this vulnerability in affected VMware products.

Affected

4 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | vmware_hcx | | |
| vmware | vmware_hcx | | |
| vmware | vmware_hcx | 4.8.0 – 4.8.2 | |
| vmware | vmware_hcx | 4.9.0 – 4.9.1 | |