VMware Arbitrary Authentication Relay and Session Hijack Vulnerabilities Impacting Deprecated Enhanced Authentication Plug-in (EAP) (CVE-2024-22245 & CVE-2024-22250)

VMware has requested the users to uninstall a deprecated Enhanced Authentication Plug-in (EAP) in response to two vulnerabilities. Tracked as CVE-202402245 and CVE-2024-22250, the vulnerabilities have critical and important severity ratings, respectively. VMware announced the deprecation of the EAP in 2021 with the release of vCenter Server 7.0u2.