CVE-2016-2076
moderate-risk
Published 2016-04-15
Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.
Do I need to act?
0.44% chance of exploitation (EPSS score: low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 7.6/10 · High
NETWORK / LOW complexity
Affected Products (6)
Vcloud Director
Vcloud Automation Identity Appliance
Affected Vendors
References (8)
Third Party Advisory
http://www.securitytracker.com/id/1035570
Third Party Advisory
http://www.securitytracker.com/id/1035571
Third Party Advisory
http://www.securitytracker.com/id/1035572
Vendor Advisory
http://www.vmware.com/security/advisories/VMSA-2016-0004.html
42 / 100
moderate-risk
Severity
27/34 · High
Exploitability
2/34 · Minimal
Exposure
13/34 · Low