A remote attacker could exploit as many as 19 vulnerabilities in vCenter Server and Cloud Foundation appliances. The most urgent among them is an arbitrary file upload vulnerability in the Analytics service. The company has published workarounds for the flaw, but cautioned that they are “meant to be a temporary solution until updates [] can be deployed” The complete list of flaws patched by the virtualization services provider is as follows . The list includes:. The vulnerability can be used by anyone who can reach vCenter server over the network to gain access.”]
Source: https://thehackernews.com/2021/09/vmware-warns-of-critical-file-upload.html