A directory traversal vulnerability allows an unauthenticated remote attacker to retrieve arbitrary files from affected View Servers. Exploitation of this issue may expose sensitive information stored on the server. The Common Vulnerabilities and Exposures project has assigned the name CVE-2012-5978 to this issue. The update to VMware View is available for free to license holders of the product and can be downloaded here. It may be possible to prevent exploitation of the issue by blocking the attack with an intrusion protection system or application layer firewall.
Source: https://thehackernews.com/2012/12/vmware-view-critical-directory.html