VMWare hosted products contain a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the HTTP server not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) appended to the /sdk path. This directory traversal attack would allow the attacker to read arbitrary files on the host, including guest virtual machines.
Remote / Network Access
Loss of Confidentiality
Patch / RCS
Currently, there are no known workarounds or upgrades to correct this issue. However, VMware has released a patch to address this vulnerability.