There is a new security issue reported in the VMware.
This issue is with VMware Client Integration Plugin(that are used in browsers for Web Client).
VMware Security Advisory ID is: VMSA-2016-0004
Critical VMware Client Integration Plugin incorrect session handling
The VMware Client Integration Plugin does not handle session content in a safe way. This may allow for a Man in the Middle attack or Web session hijacking in case the user of the vSphere Web Client visits a malicious Web site.
The main products that have been affected with this issue are:
vCenter Server 6.0 – any version (without this patch) *
vCenter Server 5.5 U3a – U3c – any version (without this patch) *
vCloud Director 5.5.5 Windows – any version (without this patch) *
vRA Identity Appliance 6.2.4 Linux – any version (without this patch) *
Note*: After installing the updated version, the Client Integration Plugin will need to be updated on all systems from which the vSphere Web Client is used to connect to vCenter Server, vCloud Director and vRealize Automation Identity Manager.
vCenter Server 5.1 not affected
vCenter Server 5.0 not affected
vCloud Director 8.0.x Windows not affected
vCloud Director 5.6.x Windows not affected
vRA Identity Appliance 7.x Linux not affected
Even this is not a major security breach(as a medium level), is always good that you keep your ESXi host up to date regarding security patches.
Note: Share this article, if you think is worth sharing.