VMware has provided an upgrade path for vCenter Operations and CapacityIQ and an update for Movie Decoder. These updates address multiple security vulnerabilities.
Vulnerable Systems:
* vCenter Operations prior to 5.0.x
* vCenter CapacityIQ 1.5.x
* Movie Decoder prior to 9.0
a. VMware Movie Decoder Installer binary planting vulnerability
The installer of the VMware Movie Decoder has a binary planting vulnerability. An attacker who can write a malicious executable to the folder that contains the Movie Decoder installer may be able to run their code when the installation is started.
VMware would like to thank Mitja Kolsek of ACROS Security for reporting this issue to us.
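For hosts where an installer still has to be run from a shared or download folder, the following added example (not VMware's code and not part of the advisory) flags loadable files sitting next to an installer and stages the installer alone in a fresh directory. The file names, the extension list and the staging approach are assumptions of the example; the fix the advisory provides is the Movie Decoder update.

```python
import shutil
import tempfile
from pathlib import Path

# Extensions Windows can load or execute. This list is an assumption of the
# example, not something taken from the advisory.
LOADABLE = {".exe", ".dll", ".com", ".bat", ".cmd", ".ocx", ".cpl"}


def planted_candidates(installer: Path) -> list[str]:
    """Return names of loadable files that share the installer's folder."""
    installer = installer.resolve()
    return sorted(
        p.name
        for p in installer.parent.iterdir()
        if p.is_file() and p.resolve() != installer and p.suffix.lower() in LOADABLE
    )


def stage_clean(installer: Path) -> Path:
    """Copy only the installer into a new, empty directory and return its path.

    mkdtemp creates a directory accessible only to the creating user.
    """
    clean_dir = Path(tempfile.mkdtemp(prefix="installer-stage-"))
    return Path(shutil.copy2(installer, clean_dir))


def demo() -> tuple[list[str], list[str]]:
    """Constructed sample: a folder holding an installer plus other files."""
    with tempfile.TemporaryDirectory() as d:
        folder = Path(d)
        installer = folder / "example-installer.exe"  # hypothetical name
        installer.write_bytes(b"MZ constructed sample")
        (folder / "unexpected.dll").write_bytes(b"MZ constructed sample")
        (folder / "notes.txt").write_text("constructed sample")

        flagged = planted_candidates(installer)
        staged = stage_clean(installer)
        staged_listing = sorted(p.name for p in staged.parent.iterdir())
        shutil.rmtree(staged.parent)  # clean up the staging directory
        return flagged, staged_listing


if __name__ == "__main__":
    print(demo())
```

A non-empty result from planted_candidates is a reason to inspect the folder before launching anything from it; running the staged copy removes the shared folder from the installer's search location.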
b. vCenter Operations cross-site scripting vulnerability
The vCenter Operations server contains a cross-site scripting vulnerability that allows an attacker to steal an administrator's session cookie. To exploit this vulnerability, the attacker must convince the administrator to click on a malicious link.
c. vCenter CapacityIQ path traversal vulnerability
vCenter CapacityIQ contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files.