High severity security risks for vCenter 6.5, 6.7, and 7.0
The most urgent is the file upload vulnerability that can be used to execute commands and software on the VCSA. This can be used by anyone that can reach the VCSA over the network, regardless of config settings on vCenter Server.
It is recommended to immediately patch to the referenced vCenter versions in the VMSA linked below.
References:
https://www.vmware.com/security/advisories/VMSA-2021-0020.html
https://via.vmw.com/vmsa-2021-0020-faq