CVE Published: 21/02/2023 |
CVE Updated: 02/08/2024 |
CVE Year: 2023 Source: vmware |
Vendor: n/a |
Product: VMware vRealize Orchestrator, VMware vRealize Automation, VMware Cloud Foundation Status : PUBLISHED
CVE-2023-20855 Description
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.