CVE-2023-20855
Published 2023-02-22
Severity: high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | vrealize_automation | >= 8.0 < 8.11.1 | 8.11.1 |
| vmware | vrealize_orchestrator | >= 8.0 < 8.11.1 | 8.11.1 |