54 matches found
CVE-2021-22036
VMware vRealize Orchestrator 8.x prior to 8.6 contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect a victim to an attacker-controlled domain due to improper path handling in vRealize Orchestrator, leading to sensitive information disclosure...
EUVD-2015-6868
Malware in sbrugna...
EUVD-2021-9205
Malicious code in bioql PyPI...
EUVD-2023-25034
Malicious code in bioql PyPI...
EUVD-2022-6022
Malicious code in bioql PyPI...
CVE-2023-20855
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalati...
The platform for automating work processes in VMware vRealize Orchestrator is vulnerable. The tools for managing virtual infrastructure in VMware vRealize Automation and the VMware Cloud Foundation virtualization platform are also vulnerable. This vulnerability stems from incorrect restrictions on XML references to external objects, allowing attackers to carry out XXE attacks.
The vulnerability of the VMware vRealize Orchestrator platform, which is used for automating work processes, as well as the VMware vRealize Automation tool for managing virtual infrastructure, and the VMware Cloud Foundation virtualization platform, is related to incorrect restrictions on XML...
Vulnerability fixed in VMware vRealize
VMware has fixed a vulnerability in vRealize Orchestrator and vRealize Automation. A malicious person with access to the Orchestrator could exploit the vulnerability for an XML External Entity (XXE) attack, potentially gaining access to sensitive data or granting themselves elevated privileges in the...
VMware Patches Critical Vulnerability in Carbon Black App Control Product
VMware on Tuesday released patches to address a critical security vulnerability affecting its Carbon Black App Control product. Tracked as CVE-2023-20858, the shortcoming carries a CVSS score of 9.1 out of a maximum of 10 and impacts App Control versions 8.7.x, 8.8.x, and 8.9.x. The virtualizatio...
CVE-2023-20855
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalati...
XXE
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalati...
CVE-2023-20855
CVE-2023-20855 is an XXE vulnerability in VMware vRealize Orchestrator (affecting vRealize Orchestrator and related products such as vRealize Automation and Cloud Foundation). The root cause is an XML External Entity processing issue that allows a non-administrative user to craft input bypassing ...
CVE-2023-20855
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalati...
CVE-2023-20855
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalati...
VMSA-2023-0005: VMware vRealize Orchestrator update addresses an XML External Entity (XXE) vulnerability
Advisory ID: VMSA-2023-0005; CVSSv3 Range: 8.8; Issue Date: 2023-02-21; Updated On: 2023-02-21 (Initial Advisory); CVEs: CVE-2023-20855; Synopsis: VMware vRealize Orchestrator update addresses an XML External Entity (XXE) vulnerability (CVE-2023-20855)...
The vulnerability of the VMware vRealize Orchestrator platform, related to the lack of protection for operational data, allows a perpetrator to disclose protected information.
The vulnerability of the VMware vRealize Orchestrator platform for automating processes is related to the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
GHSA-35R9-GFQF-R6CW Missing permission check in Jenkins vRealize Orchestrator Plugin
A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL...
GHSA-C965-P3W4-835C Cross-Site Request Forgery in Jenkins vRealize Orchestrator Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL...
Missing permission check in Jenkins vRealize Orchestrator Plugin
A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL...
Cross-Site Request Forgery in Jenkins vRealize Orchestrator Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL...