InfoSecBulletin Cybersecurity for mankind
VMware has issued a warning about a remote code execution vulnerability, CVE-2024-38814, with a CVSS score of 8.8, in its HCX application mobility platform.
An authenticated SQL injection vulnerability in HCX was privately reported to VMware by Sina Kheirkhah from the Summoning Team through the Trend Micro Zero Day Initiative. An authenticated user without admin rights could exploit this flaw using crafted SQL queries to execute unauthorized remote code on the HCX manager.
Microsoft’s Alarming Report: 600 Million Cyberattacks perday
CVE-2024-38814
VMware fixes high-severity SQL injection flaw in HCX
Over 90 Zero-Days, 40+ N-Days Exploited In The Wild
Oracle Security Update, 334 Vulnerabilities Patched
Chrome 130 Launches with Patches for 17 Security Vulnerabilities
Researchers Break RSA Encryption with Quantum Computing
Shadowserver's data
87000+ Fortinet devices still open to attack?
Gmail Scam Alert
Billions of Gmail users at risk from sophisticated new AI hack
RansomHub Targets Bangladeshi Confidence Group
Hackers using ChatGPT create malware, OpenAI confirm
“An authenticated SQL injection vulnerability in HCX was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.” reads the advisory published by the virtualization giant. “A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager.”
VMware HCX is a platform that helps move workloads easily between data centers and clouds. It allows organizations to migrate applications and virtual machines without any downtime.
The vulnerability CVE-2024-38814 affects HCX platform versions 4.8.x, 4.9.x, and 4.10.x. It has been resolved in versions 4.8.3, 4.9.2, and 4.10.1.
