0 Replies Latest reply on May 31, 2016 7:51 PM by StageCoach201110141

    Client integration plugin critical security advisory VMSA-2016-0004

    StageCoach201110141 Enthusiast

      I'm not clear exactly what the issue is on this "critical" vulnerability.  Is the issue that if someone logs into vcenter admin privileges with the web client, then visits a malicious website while they are logged in, that the malicious website code could take over their session and get control of vCenter without the person seeing what is happening? Not sure I understand the risk...can someone clarify?