The host is installed with VMWare Tools 10.3.x, 11.x or 12.x before 12.3.5 and is prone to a SAML token signature bypass vulnerability. A flaw is present in the application, which fails to handle issues in unspecified vectors. Successful exploitation allows malicious actor with guest operation privileges in a target virtual machine to be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias.