Lucene search
K

12 matches found

Arista
Arista
added 2026/05/01 12:0 a.m.36 views

Security Advisory 0136

Security Advisory 0136 PDF Date: May 1, 2026 Revision | Date | Changes ---|---|--- 1.0 | May 1, 2026 | Initial release 1.1 | May 7, 2026 | Additional required configuration for exploitation information added 1.2 | May 11, 2026 | Advisory updated with additional mitigations. The CVE-ID tracking th...

7.8CVSS6.5AI score0.96267EPSS
Exploits228
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-25238

Malware in sbrugna...

8.8CVSS8.7AI score0.01119EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-15108

Malware in sbrugna...

4.3CVSS4.7AI score0.17883EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2025/05/22 3:36 p.m.13 views

CVE-2020-3973

The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged...

8.8CVSS7.5AI score0.01119EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 5:19 a.m.5 views

CVE-2019-5533

In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail addre...

4.3CVSS6.5AI score0.17883EPSS
Exploits2References1
BDU FSTEC
BDU FSTEC
added 2020/10/01 12:0 a.m.8 views

The vulnerability of the VeloCloud Orchestrator component of the VMware SD-WAN programmable network management platform lies in the lack of security measures for the SQL query structure. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the VeloCloud Orchestrator component of the VMware SD-WAN programmable network management platform relates to the lack of security measures for the SQL query structure. Exploiting this vulnerability could allow attackers to compromise the confidentiality, integrity, and...

10CVSS7.8AI score0.01119EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2020/07/08 2:15 p.m.22 views

CVE-2020-3973

The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged...

8.8CVSS0.01119EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/07/08 1:46 p.m.27 views

CVE-2020-3973

The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged...

8.8AI score0.01119EPSS
Exploits0References1
CVE
CVE
added 2020/07/08 1:46 p.m.62 views

CVE-2020-3973

The CVE-2020-3973 issue affects the VeloCloud Orchestrator (VMware) and is a SQL injection vulnerability caused by improper input validation. A tenant with Velocloud Orchestrator access could submit crafted SQL queries to access data beyond privileges, with impact described as data disclosure and...

8.8CVSS8.8AI score0.01119EPSS
Exploits0References1Affected Software1
Arista
Arista
added 2020/07/05 12:0 a.m.25 views

Security Advisory 0131

Security Advisory 0131 PDF Date: December 23, 2025 Revision | Date | Changes ---|---|--- 1.0 | July 5, 2020 | Initial release 1.1 | December 23, 2025 | Updated to Arista Format NOTICE: VeloCloud is now an Arista product. Arista Networks has reposted this advisory that was originally posted by...

8.8CVSS6.2AI score0.01119EPSS
Exploits0
OSV
OSV
added 2019/10/29 7:15 p.m.2 views

CVE-2019-5533

In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail addre...

4.3CVSS5.8AI score0.17883EPSS
Exploits2References1
CNVD
CNVD
added 2019/10/17 12:0 a.m.2 views

VMware VeloCloud Authorization Bypass Vulnerability

VMware VeloCloud Orchestrator is a software-defined WAN orchestration software. A security vulnerability exists in version 3.x of VMware VeloCloud Orchestrator. The vulnerability stems from an error in the configuration, etc., of a network system or product during operation. An unauthorized...

4.3CVSS6.5AI score0.17883EPSS
Exploits2References1
Rows per page
Query Builder