Blog | G5 Cyber Security

Patch the VMware Client Integration Plugin asap

The problem resides in the way the VMware Client Integration plugin handles session content. The flaw could be exploited by attackers to launch a Man in the Middle attack or Web session hijacking under certain conditions. The vulnerability affects the following versions of the plugin shipped with: vCenter Server, vCloud Director, and vRealize Automation Identity Appliance 6.2.0 (any 6.0 version up to 6.5 U3a, U3b, and U3c) Vulnerability affects vSphere Web Client versions.”]

Source: http://securityaffairs.co/wordpress/46333/security/vmware-client-integration-plugin.html

Exit mobile version