CVE-2016-2076
First published: Fri Apr 15 2016(Updated: )
Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware vCenter Server | <=6.0 | |
| VMware vCenter Server | =5.5-3a | |
| VMware vCenter Server | =5.5-3b | |
| VMware vCenter Server | =5.5-u3c | |
| Vmware Vcloud Automation Identity Appliance | =6.2.4 | |
| VMware vCloud Director | =5.5.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/vmware
- canonical/vmware vcenter server
- version/vmware vcenter server/6.0
- version/vmware vcenter server/5.5-3a
- version/vmware vcenter server/5.5-3b
- version/vmware vcenter server/5.5-u3c
- canonical/vmware vcloud automation identity appliance
- version/vmware vcloud automation identity appliance/6.2.4
- canonical/vmware vcloud director
- version/vmware vcloud director/5.5.5