Security News > 2016 > April > VMware plugs critical information-leaking hole (Help Net Security)
2016-04-15 19:16
VMware has plugged a critical security issue in the VMware Client Integration Plugin, which could allow for a Man in the Middle attack or web session hijacking in case the user of the vSphere Web Client visits a malicious website. The vulnerability (CVE-2016-2076) is due to incorrect session handling, and could lead to disclosure of sensitive information. The buggy plugin is found in vCenter Server 6.0 (any 6.0 version prior to 6.0 U2), vCenter Server … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/PPyQ6GdyTvU/
Related news
- Week in review: Critical VMware vCenter Server bugs fixed, Apple releases iOS 18 (source)
- MFA bypass becomes a critical security issue as ransomware tactics advance (source)
- HPE patches three critical security holes in Aruba PAPI (source)
- Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-15 | CVE-2016-2076 | Improper Authentication vulnerability in VMWare products Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site. | 6.8 |