VMware released a security advisory for a critical issue in the firm’s Client Integration Plugin (CIP) that could allow man-in-the-middle (MitM) attacks or web session hijacking.

The vulnerability is present in versions of the CIP shipped with vCenter Server 6, vCenter Server 5.5 U3a, U3b, U3c, vCloud Director 5.5.5, and vRealize Automation Identity Appliance 6.2.4, according to the April 14 advisory.

Researchers said the issue is caused by the plugin not handling session content in a safe way.

In order to remediate the issue, researchers said users will need to update the server side and the client side of the application.

“After installing the updated version, the Client Integration Plugin will need to be updated on all systems from which the vSphere Web Client is used to connect to vCenter Server, vCloud Director and vRealize Automation Identity Manager,” the advisory said.
