PT-2016-5003 · VMware · Client Integration Plugin
Published: 2016-04-15 · Updated: 2018-10-30 · CVE-2016-2076
CVSS v3.1: 7.6 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions
VMware vCenter Server versions 5.5 U3a through 5.5 U3c and 6.0 before U2
vCloud Director version 5.5.5
vRealize Automation Identity Appliance version 6.2.4
Description
The Client Integration Plugin (CIP) in the affected software mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.
Recommendations
For VMware vCenter Server versions 5.5 U3a through 5.5 U3c and 6.0 before U2, update to a version that includes the necessary security fixes.
For vCloud Director version 5.5.5, update to a version that includes the necessary security fixes.
For vRealize Automation Identity Appliance version 6.2.4, update to version 6.2.4.1 or later.
Weakness Enumeration
Improper Authentication
Affected Products
Client Integration Plugin
VMware vCenter
VMware vCenter Server
vCloud Director
vRealize Automation Identity Appliance