CVE-2023-20855 Vulnerability Details

  /     /     /  

CVE-2023-20855 Metadata Quick Info

CVE Published: 21/02/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: vmware | Vendor: n/a | Product: VMware vRealize Orchestrator, VMware vRealize Automation, VMware Cloud Foundation
Status : PUBLISHED

CVE-2023-20855 Description

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: XML External Entity (XXE) Vulnerability
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: