CVE-2020-4003

VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. An authenticated SD-WAN Orchestrator user may inject code into SQL queries which may lead to information disclosure.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:vmware:sd-wan_orchestrator:3.3.2:-:*:*:*:*:*:*
cpe:2.3:a:vmware:sd-wan_orchestrator:3.3.2:p1:*:*:*:*:*:*
cpe:2.3:a:vmware:sd-wan_orchestrator:3.3.2:p2:*:*:*:*:*:*
cpe:2.3:a:vmware:sd-wan_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:sd-wan_orchestrator:*:*:*:*:*:*:*:*

Information

Published : 2020-11-24 08:15

Updated : 2020-12-07 06:35


NVD link : CVE-2020-4003

Mitre link : CVE-2020-4003


JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa

Products Affected

vmware

  • sd-wan_orchestrator