CVE-2020-3973
N/A
N/A
Summary
The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | VMware SD-WAN by VeloCloud | VMware SD-WAN by VeloCloud 3.2.x, 3.3.x prior to 3.3.2 p2, 3.4.x prior to 3.4.1 | affected |
Weaknesses
- Blind SQL-injection
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.