
13053 matches found

Vulnrichment
added 2024/02/20 5:35 p.m. · 12 views

CVE-2024-22250 Session Hijack Vulnerability in Deprecated EAP Browser Plugin

Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a Windows operating system to hijack a privileged EAP session when initiated by a privileged domain user on the same system...

CVSS 7.8 · AI score 6.6 · EPSS 0.00348
Exploits: 0 · References: 1
CVE
added 2024/02/20 5:35 p.m. · 109 views

CVE-2024-22250

CVE-2024-22250 affects the VMware Enhanced Authentication Plug‑in (EAP). The connected sources describe two related issues: (1) CVE-2024-22250 enables a local attacker with unprivileged access to hijack a privileged EAP session during Windows logon, via the EAP flow used in vCenter web console; a...

CVSS 7.8 · AI score 8.3 · EPSS 0.00348
Exploits: 0 · References: 1
CVE
added 2024/02/20 5:35 p.m. · 118 views

CVE-2024-22245

CVE-2024-22245 describes Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug‑in (EAP). The issue allows a user’s browser to be coerced into requesting and relaying Kerberos service tickets for arbitrary SPNs, enabling credential ...

CVSS 9.6 · AI score 9.6 · EPSS 0.01262
Exploits: 0 · References: 1
Vulnrichment
added 2024/02/20 5:35 p.m. · 17 views

CVE-2024-22245 Arbitrary Authentication Relay Vulnerability in Deprecated EAP Browser Plugin

Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary...

CVSS 9.6 · AI score 7.2 · EPSS 0.01262
Exploits: 0 · References: 1
Cvelist
added 2024/02/20 5:35 p.m. · 29 views

CVE-2024-22245 Arbitrary Authentication Relay Vulnerability in Deprecated EAP Browser Plugin

Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary...

CVSS 9.6 · AI score 9.7 · EPSS 0.01262
Exploits: 0 · References: 1
Microsoft KB
added 2024/02/20 8:0 a.m. · 191 views

November 14, 2023—KB5032198 (OS Build 20348.2113)

November 14, 2023—KB5032198 OS Build 20348.2113 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out wh...

CVSS 9.8 · AI score 7.9 · EPSS 0.88196
Exploits: 14
CNNVD
added 2024/02/20 12:0 a.m. · 4 views

VMware Enhanced Authentication Plug-in Security Vulnerability

The VMware Enhanced Authentication Plug-in is part of the VMware Horizon client from VMware, Inc. and is used to provide an additional authentication layer to enhance the security of access to VMware Horizon virtual desktops and applications. A security vulnerability exists in VMware Enhanced...

CVSS 9.6 · AI score 6.9 · EPSS 0.01262
Exploits: 0 · References: 3
CNNVD
added 2024/02/20 12:0 a.m. · 2 views

VMware Enhanced Authentication Plug-in Security Vulnerability

The VMware Enhanced Authentication Plug-in is part of the VMware Horizon client from VMware, Inc. and is used to provide an additional authentication layer to enhance the security of access to VMware Horizon virtual desktops and applications. A security vulnerability exists in VMware Enhanced...

CVSS 7.8 · AI score 6.6 · EPSS 0.00348
Exploits: 0 · References: 3
Positive Technologies
added 2024/02/20 12:0 a.m. · 3 views

PT-2024-2166 · Vmware +1 · Vmware Enhanced Authentication Plug-In +1

Name of the Vulnerable Software and Affected Versions: VMware Enhanced Authentication Plug-in affected versions not specified Description: The issue is related to a Session Hijack vulnerability in the Deprecated VMware Enhanced Authentication Plug-in. This could allow a malicious actor with...

CVSS 7.8 · AI score 6.6 · EPSS 0.00348
Exploits: 0 · References: 38
Positive Technologies
added 2024/02/20 12:0 a.m. · 4 views

PT-2024-1777 · Vmware · Vmware Enhanced Authentication Plug-In

Name of the Vulnerable Software and Affected Versions: VMware Enhanced Authentication Plug-in (EAP), affected versions not specified. Description: The issue is related to arbitrary authentication relay and session hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP). Th...

CVSS 10 · AI score 7.5 · EPSS 0.01262
Exploits: 0 · References: 62
Tenable Nessus
added 2024/02/20 12:0 a.m. · 72 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.5.5)

The version of AOS installed on the remote host is prior to 6.5.5.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.5.5 advisory. - A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privileg...

CVSS 7.8 · AI score 7.4 · EPSS 0.12966
Exploits: 14 · References: 24
BDU FSTEC
added 2024/02/19 12:0 a.m. · 6 views

The vulnerability of the monitoring tool for VMware Aria Operations lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the monitoring tool for VMware Aria Operations is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 7.7 · AI score 6.3 · EPSS 0.00498
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2024/02/19 12:0 a.m. · 5 views

The vulnerability of the monitoring tool for VMware Aria Operations lies in the use of files and directories accessible from external parties, allowing a perpetrator to gain unauthorized access to protected information.

The vulnerability of the monitoring tool for VMware Aria Operations relates to the use of files and directories accessible from external parties. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

CVSS 6.1 · AI score 5.9 · EPSS 0.00615
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2024/02/19 12:0 a.m. · 5 views

The vulnerability of the monitoring tool for VMware Aria Operations, related to errors in privilege management, allows a perpetrator to escalate their privileges.

The vulnerability of the monitoring tool for VMware Aria Operations is related to errors in privilege management. Exploiting this vulnerability can allow an attacker to enhance their privileges...

CVSS 7.8 · AI score 7.4 · EPSS 0.00214
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2024/02/19 12:0 a.m. · 7 views

The vulnerability of the monitoring tool for VMware Aria Operations, related to the lack of protective measures for the website structure, allows attackers to execute cross-site scripting attacks (XSS).

The vulnerability of the monitoring tool for VMware Aria Operations is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting (XSS) attacks remotely...

CVSS 4.8 · AI score 5.6 · EPSS 0.37849
Exploits: 0 · References: 2 · Affected Software: 1
IBM Security Bulletins
added 2024/02/15 1:10 p.m. · 54 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

CVSS 9.8 · AI score 10 · EPSS 0.73461
Exploits: 6 · Affected Software: 1
IBM Security Bulletins
added 2024/02/13 2:49 p.m. · 29 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to VMware Tanzu Spring Boot arbitrary denial of service vulnerability (CVE-2023-34055)

Summary Potential VMware Tanzu Spring Boot arbitrary denial of service vulnerability CVE-2023-34055 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...

CVSS 6.5 · AI score 6.4 · EPSS 0.01219
Exploits: 0 · Affected Software: 1
Microsoft KB
added 2024/02/13 8:0 a.m. · 40 views

Update Rollup 70 for Azure Site Recovery -KB5034599


CVSS 9.3 · AI score 7.3 · EPSS 0.00617
Exploits: 0
IBM Security Bulletins
added 2024/02/12 7:4 p.m. · 55 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in VMware Tanzu Spring Framework [CVE-2023-20861, CVE-2023-20860]

Summary Multiple vulnerabilities in VMware Tanzu Spring Framework used by InfoSphere Information Server were addressed. CVE-2023-20861, CVE-2023-20860 Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially...

CVSS 7.5 · AI score 7.3 · EPSS 0.03514
Exploits: 1 · Affected Software: 1
IBM Security Bulletins
added 2024/02/09 3:50 p.m. · 57 views

Security Bulletin: Vulnerabilities in Axios, Node.js, VMWare tools, and Linux Kernel might affect IBM Storage Defender – Data Protect.

Summary IBM Storage Defender – Data Protect is vulnerable and that can result in denial of service attacks, cross-site scripting, execution of arbitrary code, gaining elevated privileges, low integrity and confidentiality impacts, and the ability to obtain sensitive information. The vulnerabiliti...

CVSS 7.8 · AI score 9.9 · EPSS 0.04456
Exploits: 3 · Affected Software: 1