Recently we received a vulnerability report saying the OpenSSH version on our vCenter Appliance is out of date. Is there any way I can update it on the appliance or will I need to upgrade to 7.0 in order to fix this vulnerability? If it requires an upgrade to 7.0 then that is no problem as we plan on doing that later this year/early next year.
You cannot change anything in the appliance, but what you can do is disable ssh till you need it.
Do not update anything on VCSA. Please report this to VMware Support with the vulnerability report