Security News > 2016 > April > VMware plugs critical information-leaking hole (Help Net Security)

VMware plugs critical information-leaking hole (Help Net Security)
2016-04-15 19:16

VMware has plugged a critical security issue in the VMware Client Integration Plugin, which could allow for a Man in the Middle attack or web session hijacking in case the user of the vSphere Web Client visits a malicious website. The vulnerability (CVE-2016-2076) is due to incorrect session handling, and could lead to disclosure of sensitive information. The buggy plugin is found in vCenter Server 6.0 (any 6.0 version prior to 6.0 U2), vCenter Server … More →


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/PPyQ6GdyTvU/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2016-04-15 CVE-2016-2076 Improper Authentication vulnerability in VMWare products
Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.
network
low complexity
vmware CWE-287
7.6

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591