The security vulnerability is tracked as CVE-2021-21984, and it impacts virtual appliances running vRealize Business for Cloud prior to version 7.6.0. The issue was discovered and reported to Positive Technologies web security researcher Egor Dimitrenko. The vulnerability can be exploited by attackers remotely in low complexity attacks, without requiring authentication or user interaction. The company recommends taking snapshots before applying the security patch and advises admins to update appliances as soon as possible. In December, the National Security Agency (NSA) warned that Russian state-sponsored threat actors exploited a vulnerability to steal sensitive information.
Source: https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-rce-bug-in-vrealize-business-for-cloud/