/VMware: [Security-announce] VMware Client Integration Plugin

VMware: [Security-announce] VMware Client Integration Plugin

There is a new security issue reported in the VMware.

This issue is with VMware Client Integration Plugin(that are used in browsers for Web Client).

VMware Security Advisory ID is: VMSA-2016-0004
http://www.vmware.com/security/advisories/VMSA-2016-0004.html

Problem Description:  

Critical VMware Client Integration Plugin incorrect session handling

The VMware Client Integration Plugin does not handle session content  in a safe way. This may allow for a Man in the Middle attack or Web  session hijacking in case the user of the vSphere Web Client visits a malicious Web site.

The main products that have been affected with this issue are:

Affected:

vCenter Server   6.0                        – any  version (without this patch) *

vCenter Server   5.5 U3a – U3c    – any  version (without this patch) *

vCloud Director  5.5.5  Windows – any  version (without this patch) *

vRA Identity Appliance  6.2.4    Linux  – any  version (without this patch) *

Note*: After installing the updated version, the Client Integration Plugin  will need to be updated on all systems from which the vSphere Web  Client is used to connect to vCenter Server, vCloud Director and vRealize Automation Identity Manager.

Not affected:

vCenter Server          5.1         not affected

vCenter Server          5.0         not affected

vCloud Director         8.0.x    Windows   not affected

vCloud Director         5.6.x     Windows   not affected

vRA Identity Appliance  7.x   Linux         not affected

Even this is not a major security breach(as a medium level), is always good that you keep your ESXi host up to date regarding security patches.

Note: Share this article, if you think is worth sharing.

By | 2017-12-30T02:50:11+01:00 April 21st, 2016|VMware Posts|0 Comments

About the Author:

I have over 20 years of experience in the IT industry. I have been working with Virtualization for more than 15 years (mainly VMware). I recently obtained certifications, including VCP DCV 2022, VCAP DCV Design 2023, and VCP Cloud 2023. Additionally, I have VCP6.5-DCV, VMware vSAN Specialist, vExpert vSAN, vExpert NSX, vExpert Cloud Provider for the last two years, and vExpert for the last 7 years and a old MCP. My specialties are Virtualization, Storage, and Virtual Backup. I am a Solutions Architect in the area VMware, Cloud and Backup / Storage. I am employed by ITQ, a VMware partner as a Senior Consultant. I am also a blogger and owner of the blog ProVirtualzone.com and recently book author.

Leave A Comment