VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. An authenticated SD-WAN Orchestrator user may inject code into SQL queries which may lead to information disclosure.
References
Link | Resource |
---|---|
http://www.vmware.com/security/advisories/VMSA-2020-0025.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2020-11-24 08:15
Updated : 2020-12-07 06:35
NVD link : CVE-2020-4003
Mitre link : CVE-2020-4003
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
vmware
- sd-wan_orchestrator