Apply VMware vCenter server updates from May 25, 2021 to mitigate remote code execution and authentication vulnerabilities.
Recently, patches were released for the VMware vCenter Server, versions 6.5, 6.7 and 7.0, as well as Cloud Foundation products to address vulnerabilities. The vSphere client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default. A malicious actor with network access to port 443 may exploit this issue.
EDCi strongly recommends applying the patch to your vCenter servers as soon as possible to eliminate the risk of this vulnerability. More information can be found at the following links:
Advisory ID: VMSA-2021-0010
VMware Patch Downloads (login required)
If you have questions or need assistance deploying the updates, please contact the EDCi Technical Support Services Center at (800) 332-3553 or Support@edci.com. We are here to help!