The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.
The vendor's disclosure for this vulnerability can be found here.
This vulnerability requires:
- Valid credentials for a user that can execute the "com.vmware.rvc" command
More details and the exploitation process can be found in this PDF.