CVE-2023-20855

Name of the Vulnerable Software and Affected Versions VMware vRealize Orchestrator (affected versions not specified)

Description The issue is related to an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative access to vRealize Orchestrator may be able to use specially crafted input to bypass XML parsing restrictions, leading to access to sensitive information or possible escalation of privileges. The vulnerability is associated with incorrect restriction of XML links to external objects, which can allow a remote attacker to conduct XXE attacks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.