CVE-2024-38814
published 2024-10-16CVE-2024-38814: An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A malicious authenticated user with non-administrator privileges…
PriorityP268high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
14.56%
96.2th percentile
An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A
malicious authenticated user with non-administrator privileges may be
able to enter specially crafted SQL queries and perform unauthorized
remote code execution on the HCX manager.
Updates are available to remediate this vulnerability in affected VMware products.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | vmware_hcx | — | — |
| vmware | vmware_hcx | — | — |
| vmware | vmware_hcx | 4.8.0 – 4.8.2 | — |
| vmware | vmware_hcx | 4.9.0 – 4.9.1 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-10-16
Published