PT-2024-7335 · VMware · VMware HCX
Sina Kheirkhah +1 · Published 2024-07-24 · Updated 2025-12-01 · CVE-2024-38814
CVSS v2.0: 9.0 (High) | Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
VMware HCX versions prior to 4.8.3
VMware HCX versions prior to 4.9.2
VMware HCX versions prior to 4.10.1
Description
An authenticated SQL injection flaw exists in the listExtensions method of VMware Hybrid Cloud Extension (HCX). Successful exploitation allows a malicious, authenticated user with non-administrator privileges to execute arbitrary code on the HCX manager by submitting specially crafted SQL queries. The vulnerability is identified as CVE-2024-38814 and has a CVSS score of 8.8 (High). The root cause is improper handling of user-controlled input that is incorporated into the structure of SQL queries, without adequate neutralization of special elements.
Recommendations
Update to VMware HCX version 4.8.3 or later.
Update to VMware HCX version 4.9.2 or later.
Update to VMware HCX version 4.10.1 or later.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
VMware HCX