Dell RecoverPoint for Virtual Machines Brute Force Vulnerability
Dell RecoverPoint for Virtual Machines is a disaster recovery solution for VMware environments from Dell. A brute force vulnerability exists in Dell RecoverPoint for Virtual Machines, which can be exploited by an attacker to brute-force a valid user's password in an automated...
CVSS 6.5 | AI Score 6.9 | EPSS 0.0004
Important Photon OS Security Update - PHSA-2024-3.0-0729
Updates of ['linux-esx', 'linux', 'linux-aws', 'linux-secure', 'linux-rt'] packages of Photon OS have been...
CVSS 9.8 | AI Score 10 | EPSS 0.001
CVSS 7.5 | AI Score 8.1 | EPSS 0.732
The VMware Spring Framework is prone to an open redirect or server-side request forgery (SSRF)...
CVSS 8.1 | AI Score 8.1 | EPSS 0.0004
Dell RecoverPoint for Virtual Machines Code Issue Vulnerability
Dell RecoverPoint for VMs is a disaster recovery solution for VMware environments from Dell, Inc. A code issue vulnerability exists in Dell RecoverPoint for Virtual Machines version 5.3.x, which stems from an operating system command injection flaw. No details of the...
CVSS 7.2 | AI Score 7.5 | EPSS 0.0004
The VMware Spring Framework is prone to an open redirect or server-side request forgery (SSRF)...
CVSS 8.1 | AI Score 8.1 | EPSS 0.0004
Admins Urged to Uninstall VMware EAP Amid Critical Flaws
Summary: VMware has issued a warning to administrators regarding two unaddressed security vulnerabilities necessitating the removal of an outdated authentication plugin. Identified as CVE-2024-22245 and CVE-2024-22250, these vulnerabilities enable session hijacking and authentication relay attacks....
CVSS 9.6 | AI Score 7.7 | EPSS 0.0004
TL;DR The VMware Enhanced Authentication plugin that is offered as part of VMware vSphere’s seamless login experience for the web console contains multiple vulnerabilities relating to Kerberos authentication relay. The first vulnerability, CVE-2024-22245, is a Kerberos relay vulnerability where a.....
CVSS 9.6 | AI Score 7.2 | EPSS 0.0004
VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk
VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug. "A malicious actor could trick a.....
CVSS 9.8 | AI Score 10 | EPSS 0.074
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to...
CVSS 6.7 | AI Score 6.8 | EPSS 0.0004
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to...
CVSS 6.7 | AI Score 6.8 | EPSS 0.0004
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to...
CVSS 6.7 | AI Score 7.5 | EPSS 0.0004
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to...
CVSS 6.7 | AI Score 7.1 | EPSS 0.0004
CVSS 9.8 | AI Score 9.6 | EPSS 0.017
Important Photon OS Security Update - PHSA-2024-4.0-0572
Updates of ['libxml2', 'dnsmasq'] packages of Photon OS have been...
CVSS 9.8 | AI Score 10 | EPSS 0.05
Important Photon OS Security Update - PHSA-2024-5.0-0215
Updates of ['apache-tomcat9', 'libxml2', 'dnsmasq'] packages of Photon OS have been...
CVSS 9.8 | AI Score 10 | EPSS 0.05
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.7.1.6)
The version of AOS installed on the remote host is prior to 6.7.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.7.1.6 advisory. An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5....
CVSS 7.5 | AI Score 6.7 | EPSS 0.002
Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a Windows operating system to hijack a privileged EAP session when initiated by a privileged domain user on the same...
CVSS 7.8 | AI Score 8.2 | EPSS 0.0004
Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary...
CVSS 9.6 | AI Score 9.6 | EPSS 0.0004
Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a Windows operating system to hijack a privileged EAP session when initiated by a privileged domain user on the same...
CVSS 7.8 | AI Score 7.4 | EPSS 0.0004
Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary...
CVSS 9.6 | AI Score 9.4 | EPSS 0.0004
Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary...
CVSS 9.6 | AI Score 7.5 | EPSS 0.0004
Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a Windows operating system to hijack a privileged EAP session when initiated by a privileged domain user on the same...
CVSS 7.8 | AI Score 6.9 | EPSS 0.0004
CVE-2024-22250 Session Hijack Vulnerability in Deprecated EAP Browser Plugin
Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a Windows operating system to hijack a privileged EAP session when initiated by a privileged domain user on the same...
CVSS 7.8 | AI Score 8.1 | EPSS 0.0004
CVE-2024-22245 Arbitrary Authentication Relay Vulnerability in Deprecated EAP Browser Plugin
Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary...
CVSS 9.6 | AI Score 9.7 | EPSS 0.0004
November 14, 2023—KB5032198 (OS Build 20348.2113)
November 14, 2023—KB5032198 (OS Build 20348.2113) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out...
CVSS 9.8 | AI Score 7.9 | EPSS 0.57
November 14, 2023—KB5032192 (OS Build 22000.2600)
November 14, 2023—KB5032192 (OS Build 22000.2600) 9/26/23 IMPORTANT As of September 26, 2023, there are no more optional, non-security preview releases for Windows 11, version 21H2. Only cumulative monthly security updates will continue for the supported versions of Windows 11, version 21H2....
CVSS 9.8 | AI Score 8 | EPSS 0.57
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: The...
CVSS 7.4 | AI Score 7.5 | EPSS 0.0004
3a. Arbitrary Authentication Relay Vulnerability in Deprecated EAP Browser Plugin (CVE-2024-22245) The VMware Enhanced Authentication Plug-in (EAP) contains an Arbitrary Authentication Relay vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a.....
CVSS 9.6 | AI Score 7.1 | EPSS 0.0004
Critical Photon OS Security Update - PHSA-2024-5.0-0213
Updates of ['nodejs', 'libuv'] packages of Photon OS have been...
CVSS 9.8 | AI Score 9.9 | EPSS (not listed)
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.5.5)
The version of AOS installed on the remote host is prior to 6.5.5.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.5.5 advisory. An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5....
CVSS 7.8 | AI Score 8.2 | EPSS 0.002
VMware Aria Operations updates address local privilege escalation vulnerability. (CVE-2024-22235)
Local Privilege Escalation vulnerability (CVE-2024-22235) VMware Aria Operations contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Moderate Severity Range with a maximum CVSSv3 base score of...
CVSS 6.7 | AI Score 7.1 | EPSS 0.0004
Why keeping track of user accounts is important
CISA (the Cybersecurity & Infrastructure Security Agency) has issued a cybersecurity advisory after the discovery of documents containing host and user information of a state government organization’s network environment—including metadata—on a dark web brokerage site. An attacker managed to...
AI Score 7.4
How to Achieve the Best Risk-Based Alerting (Bye-Bye SIEM)
Did you know that Network Detection and Response (NDR) has become the most effective technology to detect cyber threats? In contrast to SIEM, NDR offers adaptive cybersecurity with reduced false alerts and efficient threat response. Are you aware of Network Detection and Response (NDR) and how...
AI Score 9.5
Critical Photon OS Security Update - PHSA-2024-4.0-0568
Updates of ['libuv'] packages of Photon OS have been...
CVSS 9.8 | AI Score 10 | EPSS 0.001
Critical Photon OS Security Update - PHSA-2024-3.0-0728
Updates of ['libuv'] packages of Photon OS have been...
CVSS 9.8 | AI Score 7.5 | EPSS 0.001
Important Photon OS Security Update - PHSA-2024-5.0-0212
Updates of ['vim'] packages of Photon OS have been...
CVSS 9.8 | AI Score 10 | EPSS 0.001
Important Photon OS Security Update - PHSA-2024-4.0-0567
Updates of ['vim'] packages of Photon OS have been...
CVSS 9.8 | AI Score 10 | EPSS 0.001
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic...
CVSS 6.1 | AI Score 6.2 | EPSS 0.0005
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic...
CVSS 6.1 | AI Score 5.7 | EPSS 0.0005
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic...
CVSS 7.5 | AI Score 7.7 | EPSS 0.001
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic...
CVSS 8.6 | AI Score 8.1 | EPSS 0.0005
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic...
CVSS 7.5 | AI Score 7.1 | EPSS 0.001
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic...
CVSS 8.6 | AI Score 7.9 | EPSS 0.0005
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic...
CVSS 8.6 | AI Score 7.2 | EPSS 0.0005
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic...
CVSS 7.5 | AI Score 6.8 | EPSS 0.001
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic...
CVSS 6.1 | AI Score 6.5 | EPSS 0.0005
Why We Must Democratize Cybersecurity
With breaches making the headlines on an almost weekly basis, the cybersecurity challenges we face are becoming visible not only to large enterprises, who have built security capabilities over the years, but also to small to medium businesses and the broader public. While this is creating greater.....
CVSS 9.8 | AI Score 9.4 | EPSS 0.074
Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana build 265 Vulnerability Details ** CVEID: CVE-2023-34062 DESCRIPTION: **VMware Tanzu Reactor Netty could allow a remote attacker to traverse directories on the system, caused by improper validation of user request......
CVSS 7.5 | AI Score 9.9 | EPSS 0.001
Moderate Photon OS Security Update - PHSA-2024-5.0-0211
Updates of ['python3-urllib3'] packages of Photon OS have been...
CVSS 9.8 | AI Score 10 | EPSS 0.001