The vulnerabilities were discovered by Mikhail Klyuchnikov, senior web application security researcher at Positive Technologies. "There is already scanning of the internet for this vulnerability," he told DCK. When Positive Technologies released its report on the vulnerability Wednesday, the research firm was able to find more than 6,000 VMware vCenter devices worldwide that were accessible via the internet and had this vulnerability, a quarter of them located in the US. While exposed systems are the highest and immediate risk, the bigger potential harm comes from internal systems on networks that have been compromised in other ways. According to Positive Technologies, more than 90 percent of VMware vCenter devices are located entirely within the perimeter.