VMware is urging customers to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the invention of a vital security flaw.
Tracked as CVE-2024-22245 (CVSS rating: 9.6), the vulnerability has been described as an arbitrary authentication relay bug.
“A malicious actor may trick a goal area consumer with EAP put in of their internet browser into requesting and relaying service tickets for arbitrary Energetic Listing Service Principal Names (SPNs),” the corporate stated in an advisory.
EAP, deprecated as of March 2021, is a software program bundle that is designed to permit direct login to vSphere’s administration interfaces and instruments by an online browser. It isn’t included by default and isn’t a part of vCenter Server, ESXi, or Cloud Basis.
Additionally found in the identical instrument is a session hijack flaw (CVE-2024-22250, CVSS rating: 7.8) that might allow a malicious actor with unprivileged native entry to a Home windows working system to grab a privileged EAP session.
Ceri Coburn from Pen Take a look at Companions has been credited with discovering and reporting the dual vulnerabilities.
It is value mentioning that the shortcomings solely influence customers who’ve added EAP to Microsoft Home windows methods to connect with VMware vSphere through the vSphere Consumer.
The Broadcom-owned firm stated the vulnerabilities won’t be addressed, as a substitute recommending customers to take away the plugin altogether to mitigate potential threats.
“The Enhanced Authentication Plugin will be faraway from consumer methods utilizing the consumer working system’s technique of uninstalling software program,” it added.
The disclosure comes as SonarSource disclosed a number of cross-site scripting (XSS) flaws (CVE-2024-21726) impacting the Joomla! content material administration system. It has been addressed in variations 5.0.3 and 4.4.3.
“Insufficient content material filtering results in XSS vulnerabilities in numerous parts,” Joomla! stated in its personal advisory, assessing the bug as average in severity.
“Attackers can leverage the difficulty to realize distant code execution by tricking an administrator into clicking on a malicious hyperlink,” security researcher Stefan Schiller stated. Extra technical specifics concerning the flaw have been presently withheld.
In a associated growth, a number of high- and critical-severity vulnerabilities and misconfigurations have been recognized within the Apex programming language developed by Salesforce to construct enterprise functions.
On the coronary heart of the issue is the power to run Apex code in “with out sharing” mode, which ignores a consumer’s permissions, thereby permitting malicious actors to learn or exfiltrate knowledge, and even present specifically crafted enter to change execution circulate.
“If exploited, the vulnerabilities can result in knowledge leakage, knowledge corruption, and harm to enterprise features in Salesforce,” Varonix security researcher Nitay Bachrach stated.
