CVE-2024-22250
Session Hijack Vulnerability in Deprecated EAP Browser Plugin
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a windows operating system can hijack a privileged EAP session when initiated by a privileged domain user on the same system.
La vulnerabilidad de secuestro de sesión en el obsoleto complemento de autenticación mejorada de VMware podría permitir que un actor malicioso con acceso local sin privilegios a un sistema operativo Windows pueda secuestrar una sesión EAP privilegiada cuando la inicia un usuario de dominio privilegiado en el mismo sistema.
Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a windows operating system can hijack a privileged EAP session when initiated by a privileged domain user on the same system.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-01-08 CVE Reserved
- 2024-02-20 CVE Published
- 2024-08-27 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-384: Session Fixation
CAPEC
- CAPEC-593: Session Hijacking
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| VMware Search vendor "VMware" | VMware Enhanced Authentication Plug-in (EAP) Search vendor "VMware" for product "VMware Enhanced Authentication Plug-in (EAP)" | * | en |
Affected
| ||||||