VMware NSX contains a content spoofing vulnerability. 

An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 09 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Vmware
Vmware cloud Foundation
Vmware nsx
Vmware nsx-t
CPEs cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:nsx-t:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:nsx:*:*:*:*:*:*:*:*
Vendors & Products Vmware
Vmware cloud Foundation
Vmware nsx
Vmware nsx-t
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 09 Oct 2024 20:00:00 +0000

Type Values Removed Values Added
Description VMware NSX contains a content spoofing vulnerability.  An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure.
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2024-10-09T21:05:46.428Z

Reserved: 2024-06-19T22:31:57.187Z

Link: CVE-2024-38815

cve-icon Vulnrichment

Updated: 2024-10-09T21:05:33.707Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-09T20:15:07.820

Modified: 2024-10-10T12:51:56.987

Link: CVE-2024-38815

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.