VMware products that use Flex BlazeDS may be affected by a flaw in the processing of XML External Entity (XXE) requests. A specially crafted XML request sent to the server could lead to unintended information be disclosed.
It is recommended to review the patch/release notes if you happen to use any of the following products: VMware vCenter Server 5.5 prior to version 5.5 update 3, VMware vCenter Server 5.1 prior to version 5.1 update u3b, VMware vCenter Server 5.0 prior to version 5.0 update u3e, vCloud Director 5.6 prior to version 5.6.4, vCloud Director 5.5 prior to version 5.5.3, VMware Horizon View 6.0 prior to version 6.1, and VMware Horizon View 5.0 prior to version 5.3.4.
VMware Security Advisory is available here – http://www.vmware.com/security/advisories/VMSA-2015-0008.html