VMware has released security updates
According to VMware's security advisory (VMSA-2021-0002), VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974).
CVE-2021-21972 is a remote code execution (RCE) vulnerability in the vCenter Server virtual infrastructure management platform that may allow attackers to take control of affected systems. VMware's security advisory rates the vulnerability with a CVSSv3 score of 9.8.
Due to the critical nature of this vulnerability, it is strongly recommended to upgrade vulnerable vCenter Server installations as soon as possible. This security issue was fixed in vCenter Server 6.5 U3n, 6.7 U3l, and 7.0 U1c.
VMware also fixed an important heap-overflow vulnerability (CVE-2021-21974) in VMware ESXi that may enable attackers to execute arbitrary code remotely on impacted devices. CVE-2021-21974 was rated with a CVSSv3 score of 8.8.
The VMware vCenter Server updates also address a server-side request forgery (SSRF) vulnerability (CVE-2021-21973) in the vSphere Client.
More information on the vulnerabilities and updates can be found in VMware's security advisory at vmware.com.
24 February 2021