CVE-2023-20855

Published: Feb 21, 2023

Modified: Mar 17, 2025

PUBLISHED

Description

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.

Vendor	Product	Versions
n/a	VMware vRealize Orchestrator, VMware vRealize Automation, VMware Cloud Foundation	affected `VMware vRealize Orchestrator 8.x`

References

https://www.vmware.com/security/advisories/VMSA-2023-0005.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-20855

Description

Affected Products

References