Vulnerability Details CVE-2016-2076
Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.0%
CVSS Severity
CVSS v3 Score 7.6
CVSS v2 Score 6.8
References
- http://www.securitytracker.com/id/1035570
- http://www.securitytracker.com/id/1035571
- http://www.securitytracker.com/id/1035572
- http://www.vmware.com/security/advisories/VMSA-2016-0004.html
- http://www.securitytracker.com/id/1035570
- http://www.securitytracker.com/id/1035571
- http://www.securitytracker.com/id/1035572
- http://www.vmware.com/security/advisories/VMSA-2016-0004.html
Products affected by CVE-2016-2076
-
cpe:2.3:a:vmware:vcenter_server:5.5
-
cpe:2.3:a:vmware:vcenter_server:6.0
-
cpe:2.3:a:vmware:vcloud_automation_identity_appliance:6.2.4
-
cpe:2.3:a:vmware:vcloud_director:5.5.5