Today VMware has released the following new security advisory:
The advisory documents a critical security vulnerability in the way the VMware Client Integration Plugin handles session content (CVE-2016-2076). In order to remediate this issue, both server side and client side will need to be updated. On the client side this means that the Client Integration Plugin (in use by the vSphere Web Client) must be updated.
Since vCloud Director 5.5.5 is affected by this issue we want to mention that the version of vCloud Director that is deployed in vCloud Air is not affected.
Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.
Customers should review the security advisories and direct any questions to VMware Support.