Affected versions are VMware vCenter Server prior to version 6.0 update 1 and VMware vCenter Server prior to version 5.5 update 3. The problem is that VMware vCenter Server does not validate the certificate when binding to an LDAP server using TLS. Exploitation of this vulnerability may allow an attacker that is able to intercept traffic between vCenter Server and the LDAP server to capture sensitive information.
VMware Security Advisory is available here – http://www.vmware.com/security/advisories/VMSA-2015-0006.html