CVE-2023-20855

HIGH Year: 2023
CVSS v3 Score
8.8
High
Weakness Type
CWE-611
View all →

Vulnerability Description

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.

Related Vulnerabilities

CVE-2010-3322

HIGH
CVSS:8.8(High)

The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors.

CWE-6112010

CVE-2014-0225

HIGH
CVSS:8.8(High)

When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references ...

CWE-6112014

CVE-2014-2296

HIGH
CVSS:8.8(High)

XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remo...

CWE-6112014

CVE-2016-5851

HIGH
CVSS:8.8(High)

python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document.

CWE-6112016

CVE-2016-8526

HIGH
CVSS:8.8(High)

Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If ...

CWE-6112016

CVE-2017-1000021

HIGH
CVSS:8.8(High)

LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents.

CWE-6112017