VMware Has Eliminated A Dangerous Vulnerability In Its Products
CIP is a toolkit from VMware, a set of utilities for certain administrative operations in the virtual infrastructure. The utilities are available for both Microsoft Windows and Apple Mac OS X. According to the advisory published on the company's website, the vulnerability is caused by improper handling of session files. It allows an attacker to carry out a man-in-the-middle attack or hijack a user's session by means of a specially crafted web page. The following products are affected:
- vCenter Server 6.0 (version 6.0 to 6.0 U2)
- vCenter Server 5.5 U3a, U3b, U3c
- vCloud Director 5.5.5 for Windows
- vRealize Automation Identity Appliance 6.2.4 for Linux
The problem does not affect vCloud Director 8.0.0 and 8.0.1. Before the updates for affected versions of CIP are installed, the current versions of vCenter Server, vCloud Director, and vRealize Automation Identity Appliance are to be updated. VMware has now patched the vulnerability, which is the first since February's troublesome Glibc issue to be considered critical by the company.