InfoSecBulletin Cybersecurity for mankind
VMware has issued a warning about a remote code execution vulnerability, CVE-2024-38814, with a CVSS score of 8.8, in its HCX application mobility platform.
An authenticated SQL injection vulnerability in HCX was privately reported to VMware by Sina Kheirkhah from the Summoning Team through the Trend Micro Zero Day Initiative. An authenticated user without admin rights could exploit this flaw using crafted SQL queries to execute unauthorized remote code on the HCX manager.
Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack
Daily Security Update Dated: 21.01.2025
126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems
CERT-UA alerts about “security audit” requests through AnyDesk
Oracle Critical Pre-Release update addressed 320 flaw
OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025
Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS
Intel holds 22 employees from one Bangladeshi University
VPN Surge 1500% in USA after TikTok Shut Down
MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology
“An authenticated SQL injection vulnerability in HCX was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.” reads the advisory published by the virtualization giant. “A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager.”
VMware HCX is a platform that helps move workloads easily between data centers and clouds. It allows organizations to migrate applications and virtual machines without any downtime.
The vulnerability CVE-2024-38814 affects HCX platform versions 4.8.x, 4.9.x, and 4.10.x. It has been resolved in versions 4.8.3, 4.9.2, and 4.10.1.
