Dakota University has reported a Vulnerability about VMware vCloud Director for service providers recently about Remote Session Hijack vulnerability in the Tenant and Provider Portals. Previously, I published an article about Out-of-bounds Read/Write Security Vulnerabilities and you can find the post here.
The exploitation of this allows attacker to access Tenant or Provider portals by impersonating a currently logged in session.
CVE-2019-5523 has assigned to this vulnerability, and only affected the vCloud Director 9.5.x version. If you have the 9.5.x version running in your environment make sure to update the version to 18.104.22.168 which comes with the relevant patches.