CVE-2024-38814
CVE-2024-38814
Vexday Risk Score
26Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 14.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
16 Oct 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A
malicious authenticated user with non-administrator privileges may be
able to enter specially crafted SQL queries and perform unauthorized
remote code execution on the HCX manager.
Updates are available to remediate this vulnerability in affected VMware products.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
N/A · VMware HCXWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →