Security Advisory

CVE-2023-20855

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-02-21 00:00:00

Last updated 2025-03-17 18:25:24

Assigner vmware

State PUBLISHED

Description

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.

← Browse all CVEs View on cve.org ↗