A new security issue has been reported in VMware products.
The issue is in the VMware Client Integration Plugin (the plugin used in browsers for the vSphere Web Client).
The VMware Security Advisory ID is: VMSA-2016-0004
http://www.vmware.com/security/advisories/VMSA-2016-0004.html
Problem Description:
Critical VMware Client Integration Plugin incorrect session handling
The VMware Client Integration Plugin does not handle session content in a safe way. This may allow for a Man in the Middle attack or Web session hijacking in case the user of the vSphere Web Client visits a malicious Web site.
The main products affected by this issue are:
Affected:
vCenter Server 6.0 – any version (without this patch) *
vCenter Server 5.5 U3a – U3c – any version (without this patch) *
vCloud Director 5.5.5 Windows – any version (without this patch) *
vRA Identity Appliance 6.2.4 Linux – any version (without this patch) *
Note*: After installing the updated version, the Client Integration Plugin will need to be updated on all systems from which the vSphere Web Client is used to connect to vCenter Server, vCloud Director and vRealize Automation Identity Manager.
Not affected:
vCenter Server 5.1 not affected
vCenter Server 5.0 not affected
vCloud Director 8.0.x Windows not affected
vCloud Director 5.6.x Windows not affected
vRA Identity Appliance 7.x Linux not affected
Even though this is not a major security breach (it is rated as medium level), it is always good to keep your ESXi host up to date with security patches.