VMware has released a security updates to address a critical remote code execution (RCE) vulnerability (CVE-2021-21985) affecting all vCenter Server installs. An attacker can exploit this vulnerability to take control of an affected system. VMware has evaluated this issue with a CVSSv3 score of 9.8.

The company also patched a medium severity authentication mechanism issue tracked as CVE-2021-21986 in vCenter Server Plug-ins.

Users are advised to review the Vmware security advisory and apply the necessary update and workaround – VMSA-2021-0010.