{"id":55409,"date":"2024-02-22T14:58:12","date_gmt":"2024-02-22T14:58:12","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/35568\/VMware-Issues-No-Patch-Advisory-For-Critical-Flaw-In-Old-SSO-Plugin.html"},"modified":"2024-02-22T14:58:12","modified_gmt":"2024-02-22T14:58:12","slug":"vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\/","title":{"rendered":"VMware Issues No Patch Advisory For Critical Flaw In Old SSO Plugin"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2023\/09\/0901_vmware-e1708540890612.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>VMware issued <a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2024-0003.html\" target=\"_blank\" rel=\"noreferrer noopener\">a security advisory<\/a> Tuesday warning users to uninstall the VMware Enhanced Authentication Plug-in (EAP) due to critical and high severity vulnerabilities.<\/p>\n<p>The VMware EAP is a deprecated browser plugin that enables seamless single sign-on (SSO) to vSphere\u2019s management interface from client workstations. It is an optional feature that stopped receiving support with the <a href=\"https:\/\/docs.vmware.com\/en\/VMware-vSphere\/7.0\/rn\/vsphere-vcenter-server-702-release-notes.html\" target=\"_blank\" rel=\"noreferrer noopener\">release of VMware vCenter Server 7.0.0u2<\/a> in March 2021.<\/p>\n<p>A critical vulnerability in the VMWare EAP, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-22245\" target=\"_blank\" rel=\"noreferrer noopener\">tracked as CVE-2024-22245<\/a>, could allow a remote attacker to perform an arbitrary authentication relay attack by tricking a user with the plugin installed into visiting a malicious website, <a href=\"https:\/\/www.pentestpartners.com\/security-blog\/no-fix-krbrelay-vmware-style\/\" target=\"_blank\" rel=\"noreferrer noopener\">according to Ceri Coburn of Pen Test Partners<\/a>, who discovered the flaws.<\/p>\n<p>Another, high severity vulnerability tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-22250\">CVE-2024-22250<\/a> could allow a local user to hijack vCenter sessions of other users with access to the same system. This is because the VMware EAP log file containing session IDs is stored in the ProgramData folder for any local user to see, Coburn explained in a blog post published Wednesday.<\/p>\n<p>VMware received the initial vulnerability report from Coburn on Oct. 17, 2023, and confirmed the problem on Dec. 1 after weeks of back-and-forth communication, according to the post. The advisory was published by VMware on Feb. 20, 2024.<\/p>\n<h2>VMware EAP enables attackers to request Kerberos tickets<\/h2>\n<p>The arbitrary authentication relay bug CVE-2024-22245, which has a CVSS score of 9.6, allows attackers to communicate with the VMware EAP using WebSocket commands on a malicious website, and request arbitrary Kerberos tickets on behalf of a victim, Coburn explained.<\/p>\n<p>These tickets can be requested for any Active Directory Service Principal Names (SPNs), allowing the attacker to access any service within the victim\u2019s Active Directory network.<\/p>\n<p>When a victim visits a malicious website (for example, by clicking a link in a phishing email) and a ticket request is made, the browser will notify the user that the website is attempting to communicate with the VMware EAP. The ticket is relayed if the user clicks the popup option to allow access.<\/p>\n<p>The session hijack bug CVE-2024-22250, which has a CVSS score of 7.8, requires the attacker to have local access to the target system. In this case, the attacker can utilize a script to automatically scan the VMware log file in the ProgramData folder for session IDs and wait for a session to be initiated.<\/p>\n<p>Once a new session ID is obtained, the attacker can request an arbitrary Kerberos service ticket using the same WebSocket commands as in the first case, Coburn wrote. &nbsp;<\/p>\n<p>Neither vulnerability is believed to have been exploited in the wild, VMware said <a href=\"https:\/\/core.vmware.com\/resource\/vmsa-2024-0003-questions-answers\" target=\"_blank\" rel=\"noreferrer noopener\">in a FAQ<\/a> regarding its advisory.<\/p>\n<h2>No patch available for VMWare plugin vulnerabilities, uninstall required<\/h2>\n<p>VMware<a href=\"https:\/\/kb.vmware.com\/s\/article\/96442\" target=\"_blank\" rel=\"noreferrer noopener\"> provided instructions<\/a> for users to uninstall the VMware EAP, which requires the removal of two components \u2013 the in-browser plugin itself and the Windows service \u201cVMware Plug-in Service.\u201d<\/p>\n<p>Users can uninstall the vulnerable features from the Windows Control Panel, in the original program installers, or by running PowerShell commands. VMware also provides instructions for disabling the Windows service if it\u2019s not possible to uninstall, and for firewalling traffic from the plugin if no other options are available.<\/p>\n<p>A link to install VMware EAP is still present on the vSphere Client login page but is planned to be removed in a future update, according to the VMware FAQ.<\/p>\n<p>Despite being deprecated in 2021, the VMware EAP remains the only option for SSO authentication for vSphere 7, which will remain supported until April 2025.<\/p>\n<p>The latest platform version, vSphere 8, offers additional authentication methods, including via the Lightweight Directory Access Protocol over SSL (LDAPS), Microsoft Active Directory Federation Services (ADFS), Okta and Microsoft Entra ID (formerly Azure AD), according to VMware.<\/p>\n<p>Users do not need to patch VMware vCenter Server, VMware ESXi or VMware Cloud Foundation to protect against CVE-2024-22245 or CVE-2024-22250.<\/p>\n<h2>Penetration tester criticizes VMware\u2019s disclosure timeline<\/h2>\n<p>In his blog post, Coburn described the disclosure process with VMware as \u201csomewhat cumbersome\u201d and expressed frustration due to the length of time between his initial report, VMware\u2019s confirmation of the problem, and the publication of the security advisory.<\/p>\n<p>\u201cThere was a circa six weeks delay from the time of disclosure before VMware confirmed that there was a problem even though the initial disclosure emails contained simple POC\u2019s for both issues. In some cases, a basic understanding of risks around requesting arbitrary SPN\u2019s seem to be missing altogether,\u201d Coburn wrote.<\/p>\n<p>He continued, \u201cIt\u2019s also frustrating that VMware took 126 days to essentially publish a no fix disclosure. This could have been disclosed a lot sooner.\u201d<\/p>\n<p>Coburn also said he was \u201csomewhat disappointed\u201d with the lack of a patch for VMware EAP, as users of vSphere 7 will either lose the ability to utilize SSO-based authentication or be forced to upgrade to vSphere 8.<\/p>\n<p>SC Media reached out to Broadcom, which owns VMware, with questions about the disclosure timeline and decision not to patch, and did not receive a response.<\/p>\n<p>Earlier this year, another VMware vulnerability, tracked as CVE-2023-34048, was <a href=\"https:\/\/www.scmagazine.com\/brief\/prolonged-exploitation-of-vmware-zero-day-conducted-by-chinese-hackers\" target=\"_blank\" rel=\"noreferrer noopener\">confirmed to be have under active exploitation<\/a> by the Chinese state-sponsored cyberespionage group UNC3886 since 2021.<\/p>\n<p>The threat actor used the critical out-of-bounds vulnerability to obtain vCenter system privileges, enumerate ESXi hosts and virtual machines and deploy VIRTUALPIE and VIRTUALPITA malware, according to Mandiant.<\/p>\n<p>Last week, Trellix researchers also revealed that <a href=\"https:\/\/www.scmagazine.com\/news\/mragent-ransomware-tool-from-ransomhouse-group-targets-esxi-servers\" target=\"_blank\" rel=\"noreferrer noopener\">a new ransomware tool called \u201cMrAgent\u201d<\/a> was being used by the ransomware-as-a-service (RaaS) operator RansomHouse Group to target VMware ESXi hypervisors.<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/35568\/VMware-Issues-No-Patch-Advisory-For-Critical-Flaw-In-Old-SSO-Plugin.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":55410,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[968],"class_list":["post-55409","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlineflaw"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>VMware Issues No Patch Advisory For Critical Flaw In Old SSO Plugin 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"VMware Issues No Patch Advisory For Critical Flaw In Old SSO Plugin 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-22T14:58:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2023\/09\/0901_vmware-e1708540890612.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"VMware Issues No Patch Advisory For Critical Flaw In Old SSO Plugin\",\"datePublished\":\"2024-02-22T14:58:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\\\/\"},\"wordCount\":915,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin.jpg\",\"keywords\":[\"headline,flaw\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\\\/\",\"name\":\"VMware Issues No Patch Advisory For Critical Flaw In Old SSO Plugin 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin.jpg\",\"datePublished\":\"2024-02-22T14:58:12+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin.jpg\",\"width\":800,\"height\":450},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,flaw\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlineflaw\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"VMware Issues No Patch Advisory For Critical Flaw In Old SSO Plugin\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"VMware Issues No Patch Advisory For Critical Flaw In Old SSO Plugin 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\/","og_locale":"en_US","og_type":"article","og_title":"VMware Issues No Patch Advisory For Critical Flaw In Old SSO Plugin 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-02-22T14:58:12+00:00","og_image":[{"url":"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2023\/09\/0901_vmware-e1708540890612.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"VMware Issues No Patch Advisory For Critical Flaw In Old SSO Plugin","datePublished":"2024-02-22T14:58:12+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\/"},"wordCount":915,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/02\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin.jpg","keywords":["headline,flaw"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\/","url":"https:\/\/www.threatshub.org\/blog\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\/","name":"VMware Issues No Patch Advisory For Critical Flaw In Old SSO Plugin 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/02\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin.jpg","datePublished":"2024-02-22T14:58:12+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/02\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/02\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin.jpg","width":800,"height":450},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/vmware-issues-no-patch-advisory-for-critical-flaw-in-old-sso-plugin\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,flaw","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlineflaw\/"},{"@type":"ListItem","position":3,"name":"VMware Issues No Patch Advisory For Critical Flaw In Old SSO Plugin"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55409","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=55409"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55409\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/55410"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=55409"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=55409"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=55409"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}