Vulnerabilities are present in vCenter Server 6.5, 6.7 and 7.0, as well as the VMware Cloud Foundation. The most serious issue, designated CVE-2021-21985, is within what’s called “vSphere Client (HTML5)” It’s a remote execution flaw that has a CVSSv3 base score of 9.8 out of 10. A separate authentication flaw exists in the authentication mechanism in several plug-ins. A Shodan search on Wednesday found more than 5,500 internet-connected instances of VMware vCenter.”]
Source: https://www.cuinfosecurity.com/vmware-urges-rapid-patching-for-serious-vcenter-server-bug-a-16740