VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw.
Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug.
“A malicious actor could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs),” the company said in an advisory.
EAP, deprecated as of March 2021, is a software package designed to allow direct login to vSphere’s management interfaces and tools through a web browser. It is not included by default and is not part of vCenter Server, ESXi, or Cloud Foundation.
Also discovered in the same tool is a session hijack flaw (CVE-2024-22250, CVSS score: 7.8) that could permit a malicious actor with unprivileged local access to a Windows operating system to seize a privileged EAP session.
Ceri Coburn from Pen Test Partners has been credited with discovering and reporting the twin vulnerabilities on October 17, 2023. It is currently not clear why VMware took several months to “advise customers to uninstall the plugin.”
It is worth pointing out that the shortcomings only impact users who have added EAP to Microsoft Windows systems to connect to VMware vSphere via the vSphere Client.
The Broadcom-owned company said the vulnerabilities will not be addressed, instead recommending that users remove the plugin altogether to mitigate potential threats.
“The Enhanced Authentication Plugin can be removed from client systems using the client operating system’s method of uninstalling software,” it added.
The disclosure comes as SonarSource disclosed multiple cross-site scripting (XSS) flaws (CVE-2024-21726) impacting the Joomla! content management system. The issue has been addressed in versions 5.0.3 and 4.4.3.
“Inadequate content filtering leads to XSS vulnerabilities in various components,” Joomla! said in its own advisory, assessing the bug as moderate in severity.
“Attackers can leverage the issue to gain remote code execution by tricking an administrator into clicking on a malicious link,” security researcher Stefan Schiller said. Additional technical details about the flaw are currently being withheld.
In a related development, multiple high- and critical-severity vulnerabilities and misconfigurations have been identified in the Apex programming language developed by Salesforce to build business applications.
At the heart of the issue is the ability to run Apex code in “without sharing” mode, which ignores a user’s permissions, thereby allowing malicious actors to read or exfiltrate data, and even provide specially crafted input to alter execution flow.
“If exploited, the vulnerabilities can lead to data leakage, data corruption, and damage to business functions in Salesforce,” Varonis security researcher Nitay Bachrach said.
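To make the sharing-mode distinction concrete, here is an added illustration in Apex; it is not code from the article or from Varonis, and the class names, the Invoice__c object and its fields are assumed for the example (the two classes are shown together but would each live in their own class file).

```apex
// Added example, not from the article. Object and class names are hypothetical.
// A class declared "without sharing" runs in system context: the running
// user's record-level sharing rules are ignored, so every record the query
// matches is returned to whoever calls the method.
public without sharing class InvoiceLookupInsecure {
    @AuraEnabled
    public static List<Invoice__c> find(String customerName) {
        // Dynamic SOQL assembled by string concatenation lets caller-supplied
        // input change the query itself, and no field-level check is applied.
        String q = 'SELECT Id, Amount__c FROM Invoice__c WHERE Customer__c = \''
                 + customerName + '\'';
        return (List<Invoice__c>) Database.query(q);
    }
}

// Hardened form: "with sharing" enforces the running user's record sharing,
// a bind variable keeps input out of the query structure, and
// Security.stripInaccessible drops fields the user lacks read access to.
public with sharing class InvoiceLookup {
    @AuraEnabled
    public static List<Invoice__c> find(String customerName) {
        List<Invoice__c> rows = [
            SELECT Id, Amount__c
            FROM Invoice__c
            WHERE Customer__c = :customerName
        ];
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.READABLE, rows);
        return (List<Invoice__c>) decision.getRecords();
    }
}
```

When reviewing an org, a search for `without sharing` declarations on classes that are callable from the UI (for example via @AuraEnabled) is a quick way to surface the pattern the article describes.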