a. Critical VMware Client Integration Plugin incorrect session handling

The VMware Client Integration Plugin (CIP) does not handle session content in a safe way. This may allow for a man-in-the-middle attack or Web session hijacking if the user of the vSphere Web Client visits a malicious Web site.

The vulnerability is present in versions of CIP that shipped with:
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2076
kb.vmware.com/kb/2078735
kb.vmware.com/kb/2145066
lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
pubs.vmware.com/Release_Notes/en/vcd/556/rel_notes_vcloud_director_556.html
pubs.vmware.com/Release_Notes/en/vra/vrealize-automation-624-release-notes.html
pubs.vmware.com/Release_Notes/en/vsphere/55/vsphere-vcenter-server-55u3d-release-notes.html
www.vmware.com/security/advisories
kb.vmware.com/kb/1055
my.vmware.com/web/vmware/info/slug/infrastructure_operations_management/vmware_vrealize_automation/6_2
twitter.com/VMwareSRC
www.vmware.com/go/download-vsphere
www.vmware.com/go/download/vcloud-director
www.vmware.com/support/policies/lifecycle.html
www.vmware.com/support/policies/security_response.html