VMware, Inc. is an American company that provides cloud and virtualization software and service. It claims to be the first to virtualize the x86 architecture commercially successfully. Recently VMware has released several security updates that eliminate the vulnerability (CVE-2016-2076) in the package VMware vSphere Client Integration Plugin (CIP), the implemented solutions in vCenter, vCloud Director, and vRealize Automation Identity Appliance.
VMware Has Eliminated A Dangerous Vulnerability In Its Products
CIP – Toolkit from VMware, a set of utilities for certain administrative operations in the virtual infrastructure. Utilities are available both for Microsoft Windows, as well as for Apple Mac OS X.
According to Prevention, published on the company website, the vulnerability is caused due to improper handling of session files. It allows one to carry out the attack “man in the middle” or intercept a user’s session with a specially formed web page. Error prone to the following products:
- vCenter Server 6.0 (version 6.0 to 6.0 U2)
- vCenter Server 5.5 U3a, U3b, U3c
- vCloud Director 5.5.5 for Windows
- vRealize Automation Identity Appliance 6.2.4 for Linux
The problem does not affect products vCloud Director 8.0.0 and 8.0.1. Before installing the updates for affected versions of CIP, the current version of vCenter Server solutions, vCloud Director, and vRealize Automation Identity Appliance will be updated. However, now the company VMware has successfully managed to patch the vulnerability, and since February’s troublesome Glibc issue to be considered critical by the company.
