VMware recently released a number of security updates to fix a critical vulnerability in one of its products. The vulnerability is caused by improper handling of session files and allows a man-in-the-middle attack.
VMware Has Eliminated A Dangerous Vulnerability In Its Products
VMware, Inc. is an American company that provides cloud and virtualization software and services, and claims to be the first to have successfully virtualized the x86 architecture commercially. It recently released a number of security updates that eliminate a vulnerability (CVE-2016-2076) in the VMware vSphere Client Integration Plugin (CIP) package, as implemented in vCenter, vCloud Director, and vRealize Automation Identity Appliance.
CIP is a toolkit from VMware: a set of utilities for certain administrative operations in the virtual infrastructure. The utilities are available for both Microsoft Windows and Apple Mac OS X.
According to the advisory published on the company website, the vulnerability is caused by improper handling of session files and allows an attacker to carry out a man-in-the-middle attack or intercept a user's session by means of a specially crafted web page. The following products are affected:
vCenter Server 6.0 (version 6.0 to 6.0 U2)
vCenter Server 5.5 U3a, U3b, U3c
vCloud Director 5.5.5 for Windows
vRealize Automation Identity Appliance 6.2.4 for Linux
The problem does not affect vCloud Director 8.0.0 and 8.0.1. Before installing the CIP updates for affected versions, users will need to update their current installation of vCenter Server, vCloud Director, or vRealize Automation Identity Appliance. VMware has now patched the vulnerability, which is the first since February's troublesome glibc issue to be considered critical by the company.