This script is Copyright (C) 2016 Tenable Network Security, Inc.
A virtualization appliance installed on the remote host is affected by
a session hijacking vulnerability.
The version of VMware vCloud Director installed on the remote host is
5.5.x prior to 5.5.6. It is, therefore, affected by a flaw in the
VMware Client Integration Plugin due to a failure to handle session
content in a secure manner. A remote attacker can exploit this, by
convincing a user to visit a malicious web page, to conduct a session
hijacking attack. It can also be exploited to carry out a
See also :
Upgrade to VMware vCloud Director version 5.5.6 or later.
Risk factor :
Medium / CVSS Base Score : 5.8
CVSS Temporal Score : 4.3
Public Exploit Available : false