VMware HCX resolves CVE-2024-38814 vulnerability (18-10-2024)

Preface: T-SQL is widely used in SQL Server environments. For instance, communication between an app and a SQL Server instance involves sending T-SQL statements to the server.

Background: VMware HCX streamlines migration, helps rebalance workloads, helps protect data, and optimizes disaster recovery processes for both on-premises data centers and cloud servers.

The HCX Connector or Cloud Manager must be registered with a vCenter Server and an NSX Manager.
Registration is done through the HCX Admin UI on port 9443, and only ONE vCenter and ONE NSX can be registered at any given time.

To access the HCX Admin UI page: https://<HCX_Manager_IP>:9443

Vulnerability details: An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager. 

Official announcement: Please refer to the vendor announcement for details – https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25019
