A critical remote code execution (RCE) vulnerability in the Virtual SAN Health Check plug-in affects all vCenter Server deployments. The vulnerability has a CVSSv3 base score of 9.8 out of 10 and is tracked as CVE-2021-21985. Unauthenticated attackers can exploit it in low-complexity attacks that don’t require user interaction. The company also patched a medium-severity authentication mechanism issue tracked as C-Vulnerability-related. The issue also affects vCenter Server 6.5, 6.7, and 7.0, according to the advisory.
Source: https://www.bleepingcomputer.com/news/security/vmware-warns-of-critical-bug-affecting-all-vcenter-server-installs/

