SQL Injection Vulnerability in VMware SD-WAN Orchestrator
CVE-2020-4003
6.5MEDIUM
Summary
A security flaw was identified in VMware SD-WAN Orchestrator that allows authenticated users to perform SQL injection attacks. This vulnerability enables potential information disclosure, as malicious users can inject arbitrary SQL code into queries. The flaw affects versions 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1. Users are strongly advised to update their installations to mitigate the risk of exposure.
Affected Version(s)
VMware SD-WAN Orchestrator VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4..0.1.
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved