3 matches found
CVE-2023-20855
CVE-2023-20855 is an XXE vulnerability in VMware vRealize Orchestrator (affecting vRealize Orchestrator and related products such as vRealize Automation and Cloud Foundation). The root cause is an XML External Entity processing issue that allows a non-administrative user to craft input bypassing ...
CVE-2015-6934
This CVE (CVE-2015-6934) concerns insecure deserialization in VMware software: VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager 7.x. The root cause is unsafe/deserialization of crafted Java objec...
CVE-2021-22036
CVE-2021-22036 affects VMware vRealize Orchestrator 8.x before 8.6. The open redirect arises from improper path handling, enabling an attacker to redirect victims to an attacker‑controlled domain and potentially disclose sensitive information. Affected product versions: vRealize Orchestrator 8.x ...