This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server,' the company said in a blog post. 'A file upload vulnerability that can be used to execute commands and software on the vCenter Server Appliance. If you haven't patched vCenter in recent months, please do so at your earliest convenience.įollowing on from its remote code execution hole in vCentre in May, VMware has warned of a critical vulnerability in the analytics service of vCenter Server.