Critical Vulnerability in VMware vSphere Plug-in Allows Session Hijacking

Critical Vulnerability in VMware vSphere Plug-in Allows Session Hijacking


VMware is urging network administrators to remove an out-of-date plug-in for its VSphere, which has two flaws — one of them critical — that can allow attackers with access to a Windows client system to hijack cloud computing sessions.

VMware this week released a security advisory addressing the flaws — one tracked as CVE-2024-22245, with a severity rating of 9.6, and one tracked as CVE-2024-22250, with a severity rating of 7.8 — which are found in VMware Enhanced Authentication…



Source link