VMware vCenter Server is vulnerable to server-side request forgery. By accessing a URL request outside of vCenter Server or accessing an internal service, a remote attacker could exploit this vulnerability to conduct an SSRF attack.
VMware vCenter Server could allow a remote attacker to obtain sensitive information. A remote attacker could exploit this vulnerability to read arbitrary files on the system.
Refer to VMware Security Advisory for patch, upgrade, or suggested workaround information.