Update as of July 24, 2022: If your vCenter Server is or was previously attached to an Active Directory domain that used Integrated Windows Authentication (IWA) as an Identity Source, skip this vCenter release and go to vCenter 7.0 U3g. VMware KB 89027 explains the issue in more detail.
As of July 12, 2022, VMware has officially released vSphere version 7.0 U3f. This particular release addresses a number of security patches for vCenter Server, including CVE-2022-22982. This particular CVE has a CVSSv3 score of 5.3 (Moderate) and is explained in more detail in VMware’s VMSA-2022-0018 Security Advisory.
As for ESXi, this patch release addresses a number of security advisories, PRs, as well as updating drivers and VIBs on ESXi hosts. The specific security advisories addressed in this release include: CVE-2022-23816, CVE-2022-23825, CVE-2022-26373, CVE-2022-28693, and CVE-2022-29901. These security advisories are explained in more detail in VMware’s VMSA-2022-0020 Security Advisory.
vCenter Server 7.0 U3f | Build 20051473
Release Notes: https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u3f-release-notes.html
ESXi 7.0 U3f | Build 20036589
Release Notes: https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3f-release-notes.html