CVE-2024-38815
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-38815
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
VMware NSX contains a content spoofing vulnerability. An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
VMware NSX 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
VMware NSX是美国威睿(VMware)公司的一个完整的 L2-L7 网络和安全虚拟化平台。为虚机提供了虚拟化的网络,把虚机和物理网络相隔离,做到了网络服务与具体的物理网络设备无关,使得用户在网络设备的选择和采购上有着更大的灵活性。 VMware NSX存在安全漏洞,该漏洞源于存在内容欺骗漏洞,允许通过制作URL并将受害者重定向到攻击者控制的域,从而导致敏感信息泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | VMware NSX, VMware Cloud Foundation | VMware NSX 4.x, VMware Cloud Foundation 5.x | - |
II. Public POCs for CVE-2024-38815
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-38815
请登录查看更多情报信息。
Same Patch Batch · n/a · 2024-10-09 · 26 CVEs total
| CVE-2024-38818 | 6.7 MEDIUM | VMware NSX 安全漏洞 |
| CVE-2024-38817 | 6.7 MEDIUM | VMware NSX 安全漏洞 |
| CVE-2023-45361 | MediaWiki 安全漏洞 | |
| CVE-2024-42988 | CTFd 安全漏洞 | |
| CVE-2024-46316 | DrayTek Vigor 3900 安全漏洞 | |
| CVE-2024-46307 | Xingyuantu SparkShop 安全漏洞 | |
| CVE-2024-48941 | Syracom Secure Login 安全漏洞 | |
| CVE-2024-48933 | LemonLDAP::NG 安全漏洞 | |
| CVE-2024-48942 | Syracom Secure Login 安全漏洞 | |
| CVE-2024-45746 | Linaro Trusted Firmware-M 安全漏洞 | |
| CVE-2023-36325 | I2P 安全漏洞 | |
| CVE-2023-46586 | Weborf 安全漏洞 | |
| CVE-2023-37154 | Nagios Plugins 安全漏洞 | |
| CVE-2024-45179 | za-internet C-MOR Video Surveillance 安全漏洞 | |
| CVE-2023-45359 | MediaWiki 安全漏洞 | |
| CVE-2023-45872 | Qt 安全漏洞 | |
| CVE-2024-42934 | OpenIPMI 安全漏洞 | |
| CVE-2024-47191 | OATH Toolkit 安全漏洞 | |
| CVE-2024-46292 | ModSecurity 安全漏洞 | |
| CVE-2024-46237 | PHPGurukul Hospital Management System 安全漏洞 |
Showing top 20 of 26 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
Same weakness: CWE-79
- CVE-2026-8262
Devs Palace ERP Online chart-save cross site scripting - CVE-2026-8256
Devs Palace ERP Online mr-save cross site scripting - CVE-2026-8255
Devs Palace ERP Online add_new_customer cross site scripting - CVE-2026-8254
Devs Palace ERP Online sales_save cross site scripting - CVE-2026-8253
Devs Palace ERP Online purchase_save cross site scripting
V. Comments for CVE-2024-38815
No comments yet