VmwareCVELIST:CVE-2024-22245CVE-2024-22245 Arbitrary Authentication Relay Vulnerability in Deprecated EAP Browser Plugin
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.2%
Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allowΒ aΒ malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).
CNA Affected
[
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux"
],
"product": "VMware Enhanced Authentication Plug-in (EAP)",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
]Related
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.2%