From en.secnews.gr
VMware urges its users vCenter to update versions vCenter Server 6.5, 6.7 and 7.0 as soon as possible, as there are serious vulnerabilities.
The most serious is CVE-2021-21985, which allows the remote code execution and is located in a vSAN plugin, where is enabled by default in vCenter. An attacker can exploit this vulnerability and execute whatever he wants on the underlying machine, provided there is access to port 443.