CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-38814

An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager. Updates are available to remediate this vulnerability in affected VMware products.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.024

EPSS Ranking 84.5%

CVSS Severity

CVSS v3 Score 8.8

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25019

Products affected by CVE-2024-38814

Vmware » Vmware Hcx » Version: Any

cpe:2.3:a:vmware:vmware_hcx:*
Vmware » Vmware Hcx » Version: 4.10.0

cpe:2.3:a:vmware:vmware_hcx:4.10.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-38814

Products

Pricing

Contact Us