Last Wednesday, VMware issued an urgent alert about a critical remote code execution vulnerability affecting its HCX platform, widely used by companies for application mobility. The flaw, identified as CVE-2024-38814, received a severity score of 8.8/10 on the CVSS scale, which indicates a high risk of exploitation.
According to VMware, the vulnerability allows authenticated attackers, even those without administrative privileges, to remotely execute code on HCX Manager by inserting malicious SQL queries. This can seriously compromise platform security and give hackers control over critical systems.
VMware HCX is an essential solution for enterprises looking to simplify application migration and workload balancing and to ensure business continuity across data centers and clouds. With this flaw, the integrity of these operations is at risk, especially for organizations that depend on the platform to manage large volumes of data and IT operations.
The vulnerability affects multiple platform versions, including 4.8.x, 4.9.x, and 4.10.x. VMware, now part of the Broadcom group, quickly made fixes for the flaw available and provided detailed instructions so that companies can apply security patches.
Cybersecurity experts recommend that VMware HCX users apply updates immediately to mitigate potential attacks and protect their infrastructures against this serious threat.
See the original post at: CisoAdvisor