Lucene search
VMwareVMSA-2024-0003HistoryFeb 20, 2024 - 12:00 a.m.
Addressing Arbitrary Authentication Relay and Session Hijack Vulnerabilities in Deprecated VMware Enhanced Authentication Plug-in (EAP) (CVE-2024-22245, CVE-2024-22250)
2024-02-2000:00:00
www.vmware.com
13
vmware
authentication relay
session hijack
vulnerabilities
deprecated
eap
cve-2024-22245
cve-2024-22250
cvssv3
3a. Arbitrary Authentication Relay Vulnerability in Deprecated EAP Browser Plugin (CVE-2024-22245)
The VMware Enhanced Authentication Plug-in (EAP) contains an Arbitrary Authentication Relay vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.6.
3b. Session Hijack Vulnerability in Deprecated EAP Browser Plugin (CVE-2024-22250)
The VMware Enhanced Authentication Plug-in (EAP) contains a Session Hijack vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vmware enhanced authentication plug-in (eap) | eq | Any |
References
Related
pentestpartners
pentestpartners
No fix KrbRelay VMware style
2024-02-21 06:50:52
hivepro
hivepro
Admins Urged to Uninstall VMware EAP Amid Critical Flaws
2024-02-21 14:17:57
f5
f5
K000139491 : VMware EAP vulnerabilities CVE-2024-22245 and CVE-2024-22250
2024-05-02 00:00:00
thn
thn
cvelist
cvelist
prion
prion
Authentication flaw
2024-02-20 18:15:00
Session fixation
2024-02-20 18:15:00
nvd
nvd
CVE-2024-22245
2024-02-20 18:15:51
CVE-2024-22250
2024-02-20 18:15:51
cve
cve
CVE-2024-22250
2024-02-20 18:15:51
CVE-2024-22245
2024-02-20 18:15:51