VmwareCVELIST:CVE-2024-22250CVE-2024-22250 Session Hijack Vulnerability in Deprecated EAP Browser Plugin
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.2%
Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow aΒ malicious actor with unprivileged local access to a windows operating system can hijack a privileged EAP session when initiated by a privileged domain user on the same system.
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "VMware Enhanced Authentication Plug-in (EAP)",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
]Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.2%