VMware Spring Framework < 5.3.32, 6.0.x < 6.0.17, 6.1.x < 6.1.4 Open Redirect / SSRF Vulnerability - Linux
The VMware Spring Framework is prone to an open redirect or server-side request forgery (SSRF) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
VMware Spring Framework < 5.3.32, 6.0.x < 6.0.17, 6.1.x < 6.1.4 Open Redirect / SSRF Vulnerability - Windows
The VMware Spring Framework is prone to an open redirect or server-side request forgery (SSRF) vulnerability.
The vulnerability of the VMware Enhanced Authentication Plug-in’s authentication module, related to deficiencies in the authentication process, allows attackers to escalate their privileges.
The vulnerability of the VMware Enhanced Authentication Plug-in (EAP) is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to enhance their privileges by intercepting Active Directory tickets...
VMWare Aria Operations < 8.16 PrivEsc (VMSA-2024-0004)
According to its self-reported version, the instance of VMWare Aria Operations (formerly vRealize Operations) running on the remote web server is 8.16.0.23251571. It is, therefore, affected by the following: - VMware Aria Operations contains a local privilege escalation vulnerability. A malicious...
Admins Urged to Uninstall VMware EAP Amid Critical Flaws
Summary: VMware has issued a warning to administrators regarding two unaddressed security vulnerabilities necessitating the removal of an outdated authentication plugin. Identified as CVE-2024-22245 and CVE-2024-22250, these vulnerabilities enable session hijacking and authentication relay attack...
No fix KrbRelay VMware style
TL;DR The VMware Enhanced Authentication plugin that is offered as part of VMware vSphere’s seamless login experience for the web console contains multiple vulnerabilities relating to Kerberos authentication relay. The first vulnerability, CVE-2024-22245, is a Kerberos relay vulnerability where a...
VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk
VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug. "A malicious actor could trick a...
CVE-2024-22235
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'...
Privilege escalation
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'...
CVE-2024-22235
CVE-2024-22235 affects VMware Aria Operations (formerly vRealize Operations) and VMware Aria Operations in VMware Cloud Foundation. The issue is a local privilege escalation: a malicious actor with administrative access to the local system can escalate to root. The CVSSv3 base score is 6.7 (Local...
VMware Aria Operations Security Vulnerability
VMware Aria Operations is a unified, AI-driven, self-driving IT operations management platform for private, hybrid and multi-cloud environments from VMware, Inc. A security vulnerability exists in VMware Aria Operations, which stems from a contained local elevation of privilege vulnerability that...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.7.1.6)
The version of AOS installed on the remote host is prior to 6.7.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.7.1.6 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation...
CVE-2024-22250
Session Hijack vulnerability in the deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a Windows operating system to hijack a privileged EAP session when initiated by a privileged domain user on the same system...
CVE-2024-22245
Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary...
Session fixation
Session Hijack vulnerability in the deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a Windows operating system to hijack a privileged EAP session when initiated by a privileged domain user on the same system...
Authentication flaw
Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary...
CVE-2024-22250
CVE-2024-22250 affects the VMware Enhanced Authentication Plug‑in (EAP). The connected sources describe two related issues: (1) CVE-2024-22250 enables a local attacker with unprivileged access to hijack a privileged EAP session during Windows logon, via the EAP flow used in vCenter web console; a...