cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-22250,https://securityvulnerability.io/vulnerability/CVE-2024-22250,Privileged Session Hijacking Vulnerability in VMware Enhanced Authentication Plug-in,"The vulnerability exists in the Deprecated VMware Enhanced Authentication Plug-in, where a session hijack can occur. This allows a malicious actor with unprivileged local access to a Windows operating system to hijack a privileged EAP session initiated by a privileged domain user on the same system. This vulnerability poses significant risks, as it can lead to unauthorized access to sensitive operations or data within the affected environment, highlighting the urgent need for remediation to protect user sessions.",Vmware,Vmware Enhanced Authentication Plug-in (eap),7.8,HIGH,0.0004299999854993075,false,true,false,false,,false,false,2024-02-20T17:35:23.481Z,0
CVE-2024-22245,https://securityvulnerability.io/vulnerability/CVE-2024-22245,Arbitrary Authentication Relay and Session Hijack Vulnerabilities in VMware EAP,"The VMware Enhanced Authentication Plug-in is susceptible to vulnerabilities that enable arbitrary authentication relay and session hijacking. This condition can be exploited by malicious actors who successfully trick a target domain user, with the plug-in installed in their web browser, into requesting service tickets associated with arbitrary Active Directory Service Principal Names (SPNs). Such an attack could potentially allow unauthorized access to sensitive services and data, thereby compromising the integrity of the affected Active Directory environment. Organizations utilizing this plug-in are advised to implement appropriate security measures and consider upgrading to secure alternatives.",Vmware,Vmware Enhanced Authentication Plug-in (eap),9.6,CRITICAL,0.0004299999854993075,false,true,false,true,,true,false,2024-02-20T17:35:09.051Z,5329