The vulnerability, tagged as CVE-2024-38814, carries a CVSS severity score of 8.8/10 and allows attackers with non-administrator privileges to execute remote code on the HCX manager. A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager, according to an advisory from the virtualization technology vendor. VMware HCX is an application mobility platform designed to simplify application migration, workload rebalancing, and business continuity across data centers and clouds.