vCenter Server is VMware’s unified management utility, and it is used to handle virtual machines, various ESXi hosts, and other resources. A remote attacker can arbitrarily read files on the host by accessing the open vCenter console. You can get the management account password by reading the vCenter configuration file, and then use it to govern the vCenter platform and the virtual machine clusters it oversees.
In this regard, we advise users to upgrade vCenter Server to the most recent version as soon as possible.