Rewterz Threat Advisory – CVE-2023-23695 – Dell Secure Connect Gateway Vulnerability

February 22, 2023

Rewterz Threat Advisory – CVE-2023-20858 – VMware Carbon Black App Control (App Control) Vulnerability

February 22, 2023

Rewterz Threat Advisory – CVE-2023-20855 – VMware vRealize Orchestrator XML external Vulnerability

February 22, 2023

Severity

High

Analysis Summary

CVE-2023-20855

VMware vRealize Orchestrator is vulnerable to an XML external entity injection (XXE) attack when processing XML data, caused by a weakly configured XML parser. By using specially-crafted XML content, a remote authenticated attacker could exploit this vulnerability to read arbitrary files, cause a denial of service, conduct an SSRF attack, or achieve other system impacts.

Impact

Gain Access

Indicators Of Compromise

CVE

CVE-2023-20855

Affected Vendors

VMware

Affected Products

VMware Cloud Foundation 4.0
VMware vRealize Orchestrator 8.11
VMware vRealize Automation 8.11

Remediation

Refer to VMware Security Advisory for patch, upgrade or suggested workaround information.

VMware Security Advisory

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SuperCard X Malware Exploiting NFC for Financial Fraud – Active IOCs

Zoom Remote Control Feature Exploited to Gain Access

Microsoft Entra Account Lockouts Triggered by Token Logging Error

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – CVE-2023-23695 – Dell Secure Connect Gateway Vulnerability

Rewterz Threat Advisory – CVE-2023-20858 – VMware Carbon Black App Control (App Control) Vulnerability

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.