The issue stems from a lack of input validation in the Virtual SAN (vSAN) Health Check plug-in. The flaw affects vCenter Server versions 6.5, 6.7, and 7.0, as well as Cloud Foundation versions 3.x and 4.x. A malicious actor with network access to port 443 could exploit this issue to execute commands with unrestricted privileges on the underlying operating system hosting the server. The fix also rectifies an authentication issue in the vSphere Client that affects the plug-ins.
Source: https://thehackernews.com/2021/05/critical-rce-vulnerability-found-in.html

