12 matches found
Security Advisory 0136
Security Advisory 0136 PDF Date: May 1, 2026 Revision | Date | Changes ---|---|--- 1.0 | May 1, 2026 | Initial release 1.1 | May 7, 2026 | Additional required configuration for exploitation information added 1.2 | May 11, 2026 | Advisory updated with additional mitigations. The CVE-ID tracking th...
EUVD-2020-25238
Malware in sbrugna...
EUVD-2019-15108
Malware in sbrugna...
CVE-2020-3973
The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged...
CVE-2019-5533
In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail addre...
The vulnerability of the VeloCloud Orchestrator component of the VMware SD-WAN programmable network management platform lies in the lack of security measures for the SQL query structure. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the VeloCloud Orchestrator component of the VMware SD-WAN programmable network management platform relates to the lack of security measures for the SQL query structure. Exploiting this vulnerability could allow attackers to compromise the confidentiality, integrity, and...
CVE-2020-3973
The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged...
CVE-2020-3973
The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged...
CVE-2020-3973
The CVE-2020-3973 issue affects the VeloCloud Orchestrator (VMware) and is a SQL injection vulnerability caused by improper input validation. A tenant with Velocloud Orchestrator access could submit crafted SQL queries to access data beyond privileges, with impact described as data disclosure and...
Security Advisory 0131
Security Advisory 0131 PDF Date: December 23, 2025 Revision | Date | Changes ---|---|--- 1.0 | July 5, 2020 | Initial release 1.1 | December 23, 2025 | Updated to Arista Format NOTICE: VeloCloud is now an Arista product. Arista Networks has reposted this advisory that was originally posted by...
CVE-2019-5533
In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail addre...
VMware VeloCloud Authorization Bypass Vulnerability
VMware VeloCloud Orchestrator is a software-defined WAN orchestration software. A security vulnerability exists in version 3.x of VMware VeloCloud Orchestrator. The vulnerability stems from an error in the configuration, etc., of a network system or product during operation. An unauthorized...