PT-2016-5003 · VMware · Client Integration Plugin +4

Published: 2016-04-15 · Updated: 2018-10-30 · CVE-2016-2076

CVSS v3.1: 7.6 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions

VMware vCenter Server versions 5.5 U3a through 5.5 U3c and 6.0 before U2
vCloud Director version 5.5.5
vRealize Automation Identity Appliance version 6.2.4

Description

The issue is related to the mishandling of session content by the Client Integration Plugin (CIP) in the affected software, allowing remote attackers to hijack sessions via a crafted web site.

Recommendations

For VMware vCenter Server versions 5.5 U3a through 5.5 U3c and 6.0 before U2, update to a version that includes the necessary security fixes.
For vCloud Director version 5.5.5, update to a version that includes the necessary security fixes.
For vRealize Automation Identity Appliance version 6.2.4, update to version 6.2.4.1 or later.

Fix

Improper Authentication

Weakness Enumeration

Related identifiers

CVE-2016-2076

Affected products

Client Integration Plugin
VMware vCenter
VMware vCenter Server
vCloud Director
vRealize Automation Identity Appliance