CVE-2023-20855

Summary

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.

Affected Software

VendorProductVersion RangeStatus
n/aVMware vRealize Orchestrator, VMware vRealize Automation, VMware Cloud FoundationVMware vRealize Orchestrator 8.xaffected

Weaknesses

  • XML External Entity (XXE) Vulnerability

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References