
13053 matches found

OpenVAS
added 2024/02/22 12:0 a.m., 35 views

VMware Spring Framework < 5.3.32, 6.0.x < 6.0.17, 6.1.x < 6.1.4 Open Redirect / SSRF Vulnerability - Linux

The VMware Spring Framework is prone to an open redirect or server-side request forgery (SSRF) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

CVSS 8.1, AI score 6.6, EPSS 0.03967
Exploits: 1, References: 2
OpenVAS
added 2024/02/22 12:0 a.m., 60 views

VMware Spring Framework < 5.3.32, 6.0.x < 6.0.17, 6.1.x < 6.1.4 Open Redirect / SSRF Vulnerability - Windows

The VMware Spring Framework is prone to an open redirect or server-side request forgery (SSRF) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

CVSS 8.1, AI score 6.6, EPSS 0.03967
Exploits: 1, References: 2
BDU FSTEC
added 2024/02/22 12:0 a.m., 5 views

The vulnerability of the VMware Enhanced Authentication Plug-in’s authentication module, related to deficiencies in the authentication process, allows attackers to escalate their privileges.

The vulnerability of the VMware Enhanced Authentication Plug-in (EAP) is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to enhance their privileges by intercepting Active Directory tickets...

CVSS 10, AI score 8, EPSS 0.01262
Exploits: 0, References: 3
Tenable Nessus
added 2024/02/22 12:0 a.m., 30 views

VMWare Aria Operations < 8.16 PrivEsc (VMSA-2024-0004)

According to its self-reported version, the instance of VMWare Aria Operations (formerly vRealize Operations) running on the remote web server is 8.16.0.23251571. It is, therefore, affected by the following: - VMware Aria Operations contains a local privilege escalation vulnerability. A malicious...

CVSS 6.7, AI score 6.6, EPSS 0.00194
Exploits: 0, References: 4
hivepro
added 2024/02/21 2:17 p.m., 28 views

Admins Urged to Uninstall VMware EAP Amid Critical Flaws

Summary: VMware has issued a warning to administrators regarding two unaddressed security vulnerabilities necessitating the removal of an outdated authentication plugin. Identified as CVE-2024-22245 and CVE-2024-22250, these vulnerabilities enable session hijacking and authentication relay attack...

CVSS 6.8, AI score 7.7, EPSS 0.01262
Exploits: 0
Pen Test Partners Blog
added 2024/02/21 6:50 a.m., 34 views

No fix KrbRelay VMware style

TL;DR The VMware Enhanced Authentication plugin that is offered as part of VMware vSphere’s seamless login experience for the web console contains multiple vulnerabilities relating to Kerberos authentication relay. The first vulnerability, CVE-2024-22245, is a Kerberos relay vulnerability where a...

CVSS 9.6, AI score 7.2, EPSS 0.01262
Exploits: 0
The Hacker News
added 2024/02/21 5:34 a.m., 44 views

VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk

VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug. "A malicious actor could trick a...

CVSS 9.8, AI score 10, EPSS 0.48839
Exploits: 1
NVD
added 2024/02/21 5:15 a.m., 14 views

CVE-2024-22235

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'...

CVSS 6.7, AI score 6.8, EPSS 0.00194
Exploits: 0, References: 1
OSV
added 2024/02/21 5:15 a.m., 1 view

CVE-2024-22235

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'...

CVSS 6.7, AI score 5.8, EPSS 0.00194
Exploits: 0, References: 1
Prion
added 2024/02/21 5:15 a.m., 16 views

Privilege escalation

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'...

CVSS 4, AI score 7.5, EPSS 0.00194
Exploits: 0, References: 1
Vulnrichment
added 2024/02/21 4:59 a.m., 9 views

CVE-2024-22235

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'...

CVSS 6.7, AI score 7.2, EPSS 0.00194
Exploits: 0, References: 1
Cvelist
added 2024/02/21 4:59 a.m., 22 views

CVE-2024-22235

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'...

CVSS 6.7, AI score 7.1, EPSS 0.00194
Exploits: 0, References: 1
CVE
added 2024/02/21 4:59 a.m., 126 views

CVE-2024-22235

CVE-2024-22235 affects VMware Aria Operations (formerly vRealize Operations) and VMware Aria Operations in VMware Cloud Foundation. The issue is a local privilege escalation: a malicious actor with administrative access to the local system can escalate to root. The CVSSv3 base score is 6.7 (Local...

CVSS 6.7, AI score 6.8, EPSS 0.00194
Exploits: 0, References: 1, Affected Software: 2
CNNVD
added 2024/02/21 12:0 a.m., 4 views

VMware Aria Operations Security Vulnerability

VMware Aria Operations is a unified, AI-driven, self-driving IT operations management platform for private, hybrid and multi-cloud environments from VMware, Inc. A security vulnerability exists in VMware Aria Operations, which stems from a contained local elevation of privilege vulnerability that...

CVSS 6.7, AI score 7, EPSS 0.00194
Exploits: 0, References: 2
Tenable Nessus
added 2024/02/21 12:0 a.m., 33 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.7.1.6)

The version of AOS installed on the remote host is prior to 6.7.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.7.1.6 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation...

CVSS 7.5, AI score 7.3, EPSS 0.02626
Exploits: 1, References: 13
NVD
added 2024/02/20 6:15 p.m., 8 views

CVE-2024-22250

Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a windows operating system can hijack a privileged EAP session when initiated by a privileged domain user on the same system...

CVSS 7.8, AI score 7.4, EPSS 0.00348
Exploits: 0, References: 1
NVD
added 2024/02/20 6:15 p.m., 12 views

CVE-2024-22245

Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary...

CVSS 9.6, AI score 9.6, EPSS 0.01262
Exploits: 0, References: 1
Prion
added 2024/02/20 6:15 p.m., 20 views

Session fixation

Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a windows operating system can hijack a privileged EAP session when initiated by a privileged domain user on the same system...

CVSS 3.5, AI score 6.9, EPSS 0.00348
Exploits: 0, References: 1
Prion
added 2024/02/20 6:15 p.m., 23 views

Authentication flaw

Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary...

CVSS 6.8, AI score 7.5, EPSS 0.01262
Exploits: 0, References: 1
CVE
added 2024/02/20 5:35 p.m., 107 views

CVE-2024-22250

CVE-2024-22250 affects the VMware Enhanced Authentication Plug‑in (EAP). The connected sources describe two related issues: (1) CVE-2024-22250 enables a local attacker with unprivileged access to hijack a privileged EAP session during Windows logon, via the EAP flow used in vCenter web console; a...

CVSS 7.8, AI score 8.3, EPSS 0.00348
Exploits: 0, References: 1