
CVE-2024-38814 – VMware HCX listExtensions SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38814
16 Oct 2024 — An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager. Updates are available to remediate this vulnerability in affected VMware products. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25019 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-22953
https://notcve.org/view.php?id=CVE-2022-22953
16 Jun 2022 — VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information. • https://www.vmware.com/security/advisories/VMSA-2022-0017.html