3 matches found
CVE-2020-4001
The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack...
CVE-2020-4001
The CVE-2020-4001 issue affects VMware SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x, due to default credentials that may enable a Pass-the-Hash attack. The vulnerability is documented in VMware’s advisory VMSA-2020-0025 and is corroborated by related Red Hat/NVD entries. Impact is described as a h...
VMware SD-WAN Orchestrator updates address multiple security vulnerabilities (CVE-2020-3984, CVE-2020-3985, CVE-2020-4000, CVE-2020-4001, CVE-2020-4002 ,CVE-2020-4003)
3a. SQL injection vulnerability due to improper input validation CVE-2020-3984 The SD-WAN Orchestrator does not apply correct input validation which allows for SQL-injection. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of...