CVE-2024-22245

Vulnerability updated 2 months ago (2024-11-29T13:40:31.941Z)
CVE-2024-22245 is a significant vulnerability in the VMware Enhanced Authentication Plug-in (EAP), a plugin for VMware vSphere. Attackers can exploit it, along with a second vulnerability identified as CVE-2024-22250, to carry out authentication relay and session hijack attacks. Together these vulnerabilities pose a serious threat to system security, potentially providing unauthorized access to sensitive data and systems.

The vulnerabilities were publicly disclosed in February 2024, as highlighted in an article on HelpNetSecurity.com. Their severity led VMware to urge administrators to uninstall the vulnerable, deprecated vSphere plugin. Despite the disruption this might cause, the move was deemed necessary to prevent exploitation and protect the integrity of systems running the software.

VMware has been actively working to address the issue and mitigate the risks associated with CVE-2024-22245 and CVE-2024-22250. Until a patch or update is available, the recommended action is to uninstall the affected plugin. Administrators are advised to follow this guidance and monitor for updates from VMware regarding these vulnerabilities.
Description last updated: 2024-05-04T18:24:55.507Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
VMware