A new vulnerability in Cloud Director could potentially allow an attacker to gain access to sensitive information and control private clouds within an entire infrastructure. The code injection flaw stems from an improper input handling that could be abused by an authenticated attacker to send malicious traffic to Cloud Director, leading to the execution of arbitrary code. The vulnerability is rated 8.8 out of 10 on the CVSS v.3 vulnerability severity scale, making it a critical vulnerability.VMware Cloud Director is a popular deployment, automation, and management software.
Source: https://thehackernews.com/2020/06/vmware-cloud-director-exploit.html