VMware security advisory VMSA-2021-0025 describes CVE-2021-22048. VMware has investigated and determined that the possibility of exploitation can be removed by performing the steps detailed in the Workaround section of this article.
This workaround requires that the SSO identity source configuration be switched from Integrated Windows Authentication (IWA) to one of the options listed below.
Active Directory over LDAP authentication is not impacted by this vulnerability. However, VMware strongly recommends that customers plan to move to another authentication method. The VMware blog posted here has more details on this.
In addition, please refer to the vSphere Authentication with vCenter Single Sign-On documentation.
This issue is resolved in vCenter Server 7.0 U3i version. For information on how to download, please see VMware vSphere downloads, VMware Converter, OEM custom images, patches and addons in the Broadcom Support Portal. For more details please read VMware security advisory VMSA-2021-0025.
Workaround:
To switch to Active Directory over LDAPS, please see here and Configuring a vCenter Single Sign-On Identity Source using LDAP with SSL.
To switch to Identity Provider Federation for AD FS, please see here.