52 matches found
CVE-2021-22036
VMware vRealize Orchestrator 8.x prior to 8.6 contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect a victim to an attacker-controlled domain due to improper path handling in vRealize Orchestrator, leading to sensitive information disclosure...
EUVD-2015-6868
Malware in sbrugna...
EUVD-2021-9205
Malicious code in bioql PyPI...
EUVD-2023-25034
Malicious code in bioql PyPI...
EUVD-2022-6022
Malicious code in bioql PyPI...
CVE-2023-20855
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalati...
Vulnerability fixed in VMware vRealize
VMware has fixed a vulnerability in vRealize Orchestrator and vRealize Automation. A malicious person with access to the Orchestrator could exploit the vulnerability for an XML External Entity (XXE) attack, potentially gaining access to sensitive data or grant themselves elevated privileges in the...
VMware Patches Critical Vulnerability in Carbon Black App Control Product
VMware on Tuesday released patches to address a critical security vulnerability affecting its Carbon Black App Control product. Tracked as CVE-2023-20858, the shortcoming carries a CVSS score of 9.1 out of a maximum of 10 and impacts App Control versions 8.7.x, 8.8.x, and 8.9.x. The virtualizatio...
CVE-2023-20855
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalati...
XXE
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalati...
CVE-2023-20855
CVE-2023-20855 is an XXE vulnerability in VMware vRealize Orchestrator (affecting vRealize Orchestrator and related products such as vRealize Automation and Cloud Foundation). The root cause is an XML External Entity processing issue that allows a non-administrative user to craft input bypassing ...
CVE-2023-20855
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalati...
CVE-2023-20855
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalati...
VMSA-2023-0005: VMware vRealize Orchestrator update addresses an XML External Entity (XXE) vulnerability
Advisory ID: VMSA-2023-0005 CVSSv3 Range: 8.8 Issue Date: 2023-02-21 Updated On: 2023-02-21 (Initial Advisory) CVEs: CVE-2023-20855 Synopsis: VMware vRealize Orchestrator update addresses an XML External Entity (XXE) vulnerability (CVE-2023-20855)...
GHSA-35R9-GFQF-R6CW Missing permission check in Jenkins vRealize Orchestrator Plugin
A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL...
GHSA-C965-P3W4-835C Cross-Site Request Forgery in Jenkins vRealize Orchestrator Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL...
Missing permission check in Jenkins vRealize Orchestrator Plugin
A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL...
Cross-Site Request Forgery in Jenkins vRealize Orchestrator Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL...
Jenkins vRealize Orchestrator Plugin Authorization Issue Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins vRealize Orchestrator Plugin 3.0...
CVE-2022-34212
A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL...