vCenter Server, vCloud Director, and vRealize Automation Identity Appliance) and client side devices (i.e. Please note that both the server side (namely (i.e. Please refer to VMware’s security advisory to download the necessary updates. VMware have released updates to resolve this issue within the affected products. How Can I Protect Myself From This Issue? This issue could also result in the session between the client and the server becoming hijacked if the user of the vSphere Web Client were to visit a malicious website. If an attacker were to successfully exploit this issue it may lead to the disclosure of the information within the client session between the server (as a result of the man-in-the-middle-attack). Why Should This Issue Be Considered Important? This issue was assigned the CVE number ( defined) CVE-2016-2076 These updates resolve a potential man-in-the-middle-attack (MiTM)( defined) that is caused by an error in how the VMware Client Integration Plugin handles session content.
#VMWARE CLIENT INTEGRATION PLUGIN EDGE MAC OS X#
Client Integration Plugin for Apple Mac OS X and Windows.vRealize Automation Identity Appliance version 6.2.4 for Linux.vCloud Director version 5.5.5 for Windows.In the latter half of last week VMware released security updates for the following products: