A high-severity vulnerability discovered almost a year ago in VMware vCenter Server 8.0 has not yet been patched(opens in new tab), the company has confirmed.
The flaw, tracked as CVE-2021-22048, is described as a privilege escalation vulnerability, and allows non-admin users to elevate their privileges on unpatched servers. It was discovered in November 2021 in vCenter Server’s Integrated Windows Authentication mechanism (IWA).