The vulnerabilities allow attackers to execute arbitrary commands and take control of affected systems. The vulnerability, tracked as CVE-2021-21972, has a CVSS score of 9.8 out of a maximum of 10, making it critical in severity. The information disclosure issue stems from an SSRF (Server-Side Request Forgery) vulnerability due to improper validation of URLs in the vCenter Server plugin. The fix for ESXi OpenSLP comes on the heels of a similar patch (CVE-2020-3992) last November.
Source: https://thehackernews.com/2021/02/critical-rce-flaw-affects-vmware.html

