VMware Fixes Security Flaws in vCloud Director, Hypervisor Software

VMware late last week released patches for two security flaws, which ranged from important to critical in terms of severity. The fixes resolved vulnerabilities within its vCloud Director platform and within its hypervisor software: ESXi, Workstation, and Fusion. The first advisory was directed at a remote session hijack vulnerability found within the vCloud Director platform for service providers, which is VMware’s cloud service delivery platform. The vulnerability was found within the tenant and provider portals and allowed attackers to access the portals through impersonation of someone logged into a session. This vulnerability was ranked as a “critical” security flaw. It was discovered by four faculty members at Dakota State University.