VMware released a new security advice about VirtualCenter:

The security issue is caused due to the x.509 certificate presented by a server at the beginning of an SSL session is not verified. This can be exploited to spoof valid servers via a man-in-the-middle attack. The security issue is reported in the following versions:

• VMware VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643)
• VMware VirtualCenter client 1.4.x before 1.4.1 Patch 1 (Build 33425)

Download the VirtualCenter 2.0.1 Patch 1 here and VirtualCenter 1.4.1 Patch 1 here.