Virtuwise

Legacy Struggles: VMware Faces Critical Security Issue with Outdated SSO Plugin

Looks like you need to take some action on your VMware environment.

VMware issued a critical security advisory, VMSA-2024-0003, on Tuesday, Feb 20, 2024. The impacted product is the VMware Enhanced Authentication Plug-in (EAP). It appears that users are asked to uninstall the product.

Laura French writes for SC Magazine:

The VMware EAP is a deprecated browser plugin that enables seamless single sign-on (SSO) to vSphere’s management interface from client workstations. It is an optional feature that stopped receiving support with the release of VMware vCenter Server 7.0.0u2 in March 2021.

Two CVEs are referenced, CVE-2024-22245 and CVE-2024-22250, but there is a silver lining.

Users do not need to patch VMware vCenter Server, VMware ESXi or VMware Cloud Foundation to protect against CVE-2024-22245 or CVE-2024-22250.

Get those systems remediated.