Andrew Kramer

**Name of the Vulnerable Software and Affected Versions** VMware vCloud Director for Service Providers versions 9.5.x prior to 9.5.0.3 **Description** The issue is related to incorrect session management in the vCloud Director platform, which may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged-in session. Successful exploitation of this issue can enable a remote attacker to hijack remote sessions. **Recommendations** For versions 9.5.x prior to 9.5.0.3, update to version 9.5.0.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.5.34 PHP versions 5.6.x prior to 5.6.20 PHP versions 7.x prior to 7.0.5 **Description** The issue exists due to insufficient input validation in the php snmp error function. This allows a remote attacker to execute arbitrary code via format string specifiers in an SNMP::get call. **Recommendations** For PHP versions prior to 5.5.34, update to version 5.5.34 or later. For PHP versions 5.6.x prior to 5.6.20, update to version 5.6.20 or later. For PHP versions 7.x prior to 7.0.5, update to version 7.0.5 or later. As a temporary workaround, consider restricting the use of the `php snmp error` function until a patch is available. Avoid using format string specifiers in SNMP::get calls until the issue is resolved.