3 matches found
CVE-2023-20855
VMware vRealize Orchestrator contains an XML External Entity XXE vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalati...
CVE-2023-20855
CVE-2023-20855 is an XXE vulnerability in VMware vRealize Orchestrator (affecting vRealize Orchestrator and related products such as vRealize Automation and Cloud Foundation). The root cause is an XML External Entity processing issue that allows a non-administrative user to craft input bypassing ...
VMSA-2023-0005:VMware vRealize Orchestrator update addresses an XML External Entity (XXE) vulnerability
Advisory ID: VMSA-2023-0005 CVSSv3 Range: 8.8 Issue Date:2023-02-21 Updated On: 2023-02-21 Initial Advisory CVEs: CVE-2023-20855 Synopsis: VMware vRealize Orchestrator update addresses an XML External Entity XXE vulnerability CVE-2023-20855 RSS Feed Download PDF Download Text File Share this page...