vmware

vrealize_orchestrator

2 known vulnerabilities · sorted by CVSS score

CVE-2023-20855

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.

vmware / vrealize_automation+1

Network

Published Feb 22, 2023

CVE-2021-22036

MEDIUM6.5

VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive information disclosure.

vmware / vrealize_automation+1

Network

Published Oct 13, 2021