VMware Alert: Uninstall EAP Now – Critical Flaw Puts Active Directory at Risk

February 21, 2024 at 01:15AM

VMware has reported critical security flaws in the Enhanced Authentication Plugin (EAP), urging users to uninstall it. The vulnerability enables a malicious actor to manipulate service tickets and hijack sessions. Additionally, SonarSource disclosed cross-site scripting flaws in Joomla!. Salesforce’s Apex programming language also faces high-severity vulnerabilities. Users are advised to follow removal recommendations.

Key takeaways:

1. VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) due to the discovery of critical security vulnerabilities, including an arbitrary authentication relay bug and a session hijack flaw.

2. The vulnerabilities impact users who have added EAP to Microsoft Windows systems to connect to VMware vSphere via the vSphere Client. VMware recommends removing the plugin altogether to mitigate potential threats.

3. SonarSource disclosed multiple cross-site scripting (XSS) flaws impacting the Joomla! content management system, which have been addressed in versions 5.0.3 and 4.4.3.

4. High- and critical-severity vulnerabilities and misconfigurations have been identified in the Apex programming language developed by Salesforce, potentially leading to data leakage, data corruption, and damage to business functions.

5. Information about the vulnerabilities has been shared with a security researcher, and recommendations have been made to install the updated versions of Joomla! and to address the vulnerabilities in Salesforce’s Apex programming language.
