Lucene search

VMwareVMSA-2023-0005

HistoryFeb 21, 2023 - 12:00 a.m.

VMware vRealize Orchestrator update addresses an XML External Entity (XXE) vulnerability (CVE-2023-20855)

2023-02-2100:00:00

www.vmware.com

vmware

vrealize orchestrator

xml external entity

vulnerability

cve-2023-20855

software

update

security

0.002 Low

EPSS

Percentile

54.6%

JSON

3. XML External Entity (XXE) Vulnerability (CVE-2023-20855)

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.8.

CPENameOperatorVersion
vmware vrealize orchestratorlt8.11.1
vmware vrealize automationlt8.11.1
vmware cloud foundation (vrealize automation)eq4.x

Name	Operator	Version
vmware vrealize orchestrator	lt	8.11.1
vmware vrealize automation	lt	8.11.1
vmware cloud foundation (vrealize automation)	eq	4.x

References

customerconnect.vmware.com/en/downloads/details?downloadGroup=VROVA-8111&productId=1399&rPId=101376

customerconnect.vmware.com/en/downloads/info/slug/infrastructure_operations_management/vmware_vrealize_automation/8_11

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20855

docs.vmware.com/en/vRealize-Automation/services/rn/vrealize-automation-release-notes/index.html

docs.vmware.com/en/vRealize-Orchestrator/8.11.1/rn/vmware-vrealize-orchestrator-8111-release-notes/index.html

kb.vmware.com/s/article/90926

www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

54.6%

JSON

Related for VMSA-2023-0005