Skip to main content

Vrealize Orchestrator

5 CVEs product

Monthly

CVE-2023-20855 HIGH PATCH This Week

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

XXE VMware Vrealize Automation Vrealize Orchestrator
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-34212 Maven MEDIUM This Month

A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Vrealize Orchestrator
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2022-34211 Maven MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Vrealize Orchestrator
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-22036 MEDIUM This Month

VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Information Disclosure VMware Vrealize Automation Vrealize Orchestrator
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2015-6934 HIGH This Week

Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure VMware Java Apache Vcenter Orchestrator +1
NVD
CVSS 3.0
7.3
EPSS
1.8%
EPSS 1% CVSS 8.8
HIGH PATCH This Week

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

XXE VMware Vrealize Automation +1
NVD
EPSS 1% CVSS 5.7
MEDIUM This Month

A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Vrealize Orchestrator
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Vrealize Orchestrator
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Information Disclosure VMware +2
NVD
EPSS 2% CVSS 7.3
HIGH This Week

Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure VMware Java +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy