An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager. Updates are available to remediate this vulnerability in affected VMware products.
References
Link | Resource |
---|---|
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25019 | Third Party Advisory |
History
21 Oct 2024, 18:20
Type | Values Removed | Values Added |
---|---|---|
References | () https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25019 - Third Party Advisory | |
CPE | cpe:2.3:a:vmware:vmware_hcx:4.10.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:vmware_hcx:*:*:*:*:*:*:*:* |
First Time | Vmware vmware Hcx Vmware |
18 Oct 2024, 12:53
Type | Values Removed | Values Added |
---|---|---|
Summary | | |
16 Oct 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-16 17:15
Updated : 2024-10-21 18:20
NVD link : CVE-2024-38814
Mitre link : CVE-2024-38814
CVE.ORG link : CVE-2024-38814
Products Affected
vmware
- vmware_hcx
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')