Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistVmwareCVELIST:CVE-2023-20855
HistoryFeb 21, 2023 - 12:00 a.m.

CVE-2023-20855

2023-02-2100:00:00
vmware
www.cve.org
vmware vrealize orchestrator
xxe
xml parsing restrictions
sensitive information
privileges escalation
cve-2023-20855

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.6%

JSON

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "VMware vRealize Orchestrator, VMware vRealize Automation, VMware Cloud Foundation",
    "versions": [
      {
        "version": "VMware vRealize Orchestrator 8.x",
        "status": "affected"
      }
    ]
  }
]

Related

prion 1
cve 1
vmware 1
nvd 1
nessus 1
thn 1
prion
prion
Xxe
2023-02-22 00:15:00
cve
cve
CVE-2023-20855
2023-02-22 00:15:11
vmware
vmware
VMware vRealize Orchestrator update addresses an XML External Entity (XXE) vulnerability (CVE-2023-20855)
2023-02-21 00:00:00
nvd
nvd
CVE-2023-20855
2023-02-22 00:15:11
nessus
nessus
VMware vCenter / vRealize Orchestrator 8.x < 8.11.1 XXE (VMSA-2023-0005)
2023-02-24 00:00:00
thn
thn
VMware Patches Critical Vulnerability in Carbon Black App Control Product
2023-02-22 04:55:00

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.6%

JSON
Related for CVELIST:CVE-2023-20855
prion1cve1vmware1nvd1nessus1thn1