CVE-2020-4002

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. An authenticated SD-WAN Orchestrator user with high privileges may be able to execute arbitrary code on the underlying operating system...

CVE-2020-4002

creationtimestamp| type| source ---|---|--- 2020-11-24 18:46:47+00:00| seen| https://t.me/cibsecurity/16775...

CVE-2020-4002

The CVE-2020-4002 entry affects VMware SD-WAN Orchestrator, with versions 3.3.2 before 3.3.2 P3, 3.4.x before 3.4.4, and 4.0.x before 4.0.1, where system parameters are handled insecurely. The root cause is insecure handling of system parameters that may allow an authenticated, high-privilege SD-...

CVE-2020-4002

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. An authenticated SD-WAN Orchestrator user with high privileges may be able to execute arbitrary code on the underlying operating system...

VMware SD-WAN Orchestrator updates address multiple security vulnerabilities (CVE-2020-3984, CVE-2020-3985, CVE-2020-4000, CVE-2020-4001, CVE-2020-4002 ,CVE-2020-4003)

3a. SQL injection vulnerability due to improper input validation CVE-2020-3984 The SD-WAN Orchestrator does not apply correct input validation which allows for SQL-injection. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of...