If you have a vCAC (or the new name vRealize Automation, vRA) system on an untrusted network you should read up on this. (Or in truth, one could argue if you have it all in a production environment….).
VMware vCloud Automation Center has a remote privilege escalation vulnerability. This issue may allow an authenticated vCAC user to obtain administrative access to vCenter Server.
To be clear, this is not a broad virtual machine remove console (VMRC) issue, but how it is implemented in vCAC/vRA. vSphere is not affected, vCD is not affected. vRA 6.2 is not affected as “connect using VMRC” is disabled. The workaround for the older versions is to disable this method.