The problem resides in the way the VMware Client Integration plugin handles session content. The flaw could be exploited by attackers to launch a Man in the Middle attack or Web session hijacking under certain conditions. The vulnerability affects the following versions of the plugin shipped with: vCenter Server, vCloud Director, and vRealize Automation Identity Appliance 6.2.0 (any 6.0 version up to 6.5 U3a, U3b, and U3c) Vulnerability affects vSphere Web Client versions.”]
Source: http://securityaffairs.co/wordpress/46333/security/vmware-client-integration-plugin.html

