SQL Injection Vulnerability in VMware SD-WAN Orchestrator
CVE-2020-4003
6.5MEDIUM
What is CVE-2020-4003?
A security flaw was identified in VMware SD-WAN Orchestrator that allows authenticated users to perform SQL injection attacks. This vulnerability enables potential information disclosure, as malicious users can inject arbitrary SQL code into queries. The flaw affects versions 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1. Users are strongly advised to update their installations to mitigate the risk of exposure.
Affected Version(s)
VMware SD-WAN Orchestrator VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4..0.1.