VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.
CPE | Name | Operator | Version |
---|---|---|---|
vrealize_automation | ge | 8.0 | |
vrealize_automation | lt | 8.11.1 | |
vrealize_orchestrator | ge | 8.0 | |
vrealize_orchestrator | lt | 8.11.1 |