High
Under certain conditions vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. A malicious actor with network access to an affected vmdir deployment may be able to extract highly sensitive information which could be used to compromise vCenter Server or other services which are dependent upon vmdir for authentication.
Information disclosure
VMWare
vCenter Server 6.7 (embedded or external PSC) prior to 6.7u3f
Update to fixed version.
https://my.vmware.com/web/vmware/details?productId=742&rPId=44888&downloadGroup=VC67U3F