CVE-2016-2076
published 2016-04-15CVE-2016-2076: Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity…
high7.6CVSS 3.0
AVNACLPRNUIRSUCHILAL
Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | vcenter_server | <= 6.0 | — |
| vmware | vcenter_server | — | — |
| vmware | vcloud_automation_identity_appliance | — | — |
| vmware | vcloud_director | — | — |
| vmware | vmware_vcenter_server | — | — |
| vmware | vmware_vrealize | — | — |
| vmware | vmware_vsphere | — | — |