VMware: [Security-announce] VMware Client Integration Plugin

A new security issue has been reported in VMware products.

This issue is with the VMware Client Integration Plugin (which is used in browsers for the Web Client).

VMware Security Advisory ID is: VMSA-2016-0004
http://www.vmware.com/security/advisories/VMSA-2016-0004.html

Problem Description:  

Critical VMware Client Integration Plugin incorrect session handling

The VMware Client Integration Plugin does not handle session content in a safe way. This may allow for a Man in the Middle attack or Web session hijacking in case the user of the vSphere Web Client visits a malicious Web site.

The main products that have been affected by this issue are:

Affected:

vCenter Server 6.0 – any version (without this patch) *

vCenter Server 5.5 U3a – U3c – any version (without this patch) *

vCloud Director 5.5.5 Windows – any version (without this patch) *

vRA Identity Appliance 6.2.4 Linux – any version (without this patch) *

Note*: After installing the updated version, the Client Integration Plugin will need to be updated on all systems from which the vSphere Web Client is used to connect to vCenter Server, vCloud Director and vRealize Automation Identity Manager.

Not affected:

vCenter Server 5.1 – not affected

vCenter Server 5.0 – not affected

vCloud Director 8.0.x Windows – not affected

vCloud Director 5.6.x Windows – not affected

vRA Identity Appliance 7.x Linux – not affected

Even though this is not a major security breach (it is a medium-level issue), it is always good to keep your ESXi host up to date with security patches.

April 21st, 2016 | VMware Posts

About the Author:

I have over 20 years’ experience in the IT industry, working with Virtualization for more than 10 years (mainly VMware). I am an MCP, VCP6.5-DCV, VMware vSAN Specialist, Veeam Vanguard 2018/2019, vExpert vSAN 2018/2019 and vExpert for the last 4 years. Specialties are Virtualization, Storage, and Virtual Backups. I am working for Elits, a Swedish consulting company, and allocated to a Swedish multinational networking and telecommunications company as a Tech Lead and acting as a Senior ICT Infrastructure Engineer. I am a blogger and owner of the blog ProVirtualzone.com