This Metasploit module exploits Java unsafe reflection and SSRF in the VMware vCenter Server Virtual SAN Health Check plugin's ProxygenController class to execute code as the vsphere-ui user. See the vendor advisory for affected and patched versions. Tested against VMware vCenter Server 6.7 Update 3m (Linux appliance
bdb3128591e803fa1beff81827096bb294a0b4124989ab73f3593b99e35faca8
VMware Security Advisory 2021-0010 - VMware vCenter Server updates address remote code execution and authentication vulnerabilities.
9473c522fcfc58e375d2311352f05cc6387a78f24adb7026fa22312412e8647c