CVE-2020-3985

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. An authenticated SD-WAN Orchestrator user may exploit an application weakness and call a vulnerable API to elevate their...

CVE-2020-3985

creationtimestamp| type| source ---|---|--- 2020-11-24 18:46:51+00:00| seen| https://t.me/cibsecurity/16779...

CVE-2020-3985

The SD-WAN Orchestrator vulnerability CVE-2020-3985 allows an authenticated user to elevate privileges by calling a vulnerable API due to an access control weakness. Affected versions are 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4, with remediation to update to the patched releases (3.3.2 P...

VMware SD-WAN Orchestrator updates address multiple security vulnerabilities (CVE-2020-3984, CVE-2020-3985, CVE-2020-4000, CVE-2020-4001, CVE-2020-4002 ,CVE-2020-4003)

3a. SQL injection vulnerability due to improper input validation CVE-2020-3984 The SD-WAN Orchestrator does not apply correct input validation which allows for SQL-injection. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of...