Critical severity9.6NVD Advisory· Published Feb 20, 2024· Updated Apr 15, 2026

CVE-2024-22245

Description

Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.vmware.com/security/advisories/VMSA-2024-0003.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.624
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000