36 matches found
Security Advisory 0136
Security Advisory 0136 PDF Date: May 1, 2026 Revision | Date | Changes ---|---|--- 1.0 | May 1, 2026 | Initial release 1.1 | May 7, 2026 | Additional required configuration for exploitation information added 1.2 | May 11, 2026 | Advisory updated with additional mitigations. The CVE-ID tracking th...
EUVD-2019-15108
Malware in sbrugna...
EUVD-2020-25238
Malware in sbrugna...
CVE-2020-3973
The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged...
CVE-2019-5533
In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail addre...
VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability
VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution...
The vulnerability of the VeloCloud Orchestrator component of the VMware SD-WAN programmable network management platform lies in the lack of security measures for the SQL query structure. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the VeloCloud Orchestrator component of the VMware SD-WAN programmable network management platform relates to the lack of security measures for the SQL query structure. Exploiting this vulnerability could allow attackers to compromise the confidentiality, integrity, and...
CVE-2020-3973
The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged...
Sql injection
The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged...
CVE-2020-3973
The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged...
CVE-2020-3973
The CVE-2020-3973 issue affects the VeloCloud Orchestrator (VMware) and is a SQL injection vulnerability caused by improper input validation. A tenant with Velocloud Orchestrator access could submit crafted SQL queries to access data beyond privileges, with impact described as data disclosure and...
VMware Releases Security Update for VeloCloud
VMware has released a security update to address a vulnerability in VeloCloud. An attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review VMware Security Advisory...
VMware SD-WAN by VeloCloud updates address SQL-injection vulnerability (CVE-2020-3973)
3a. Advisory Details The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 8.5...
Security Advisory 0131
Security Advisory 0131 PDF Date: December 23, 2025 Revision | Date | Changes ---|---|--- 1.0 | July 5, 2020 | Initial release 1.1 | December 23, 2025 | Updated to Arista Format NOTICE: VeloCloud is now an Arista product. Arista Networks has reposted this advisory that was originally posted by...
The vulnerability of the VMware SD-WAN platform managed by programmatically configured networks, caused by VeloCloud, stems from the lack of protection for service data. This allows a malicious actor to gain unauthorized access to account information.
The vulnerability of the VMware SD-WAN platform for programmatically configurable networks by VeloCloud is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to account information...
CVE-2019-5533
In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail addre...
CVE-2019-5533
In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail addre...
Authorization
In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail addre...
CVE-2019-5533
In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail addre...
CVE-2019-5533
Summary: CVE-2019-5533 affects VMware SD-WAN by VeloCloud Orchestrator (3.x, before 3.3.0). A parameter authorization check allows an enterprise user to disclose MSP account information. Impact (per sources): Information disclosure limited to MSP user data (username, first/last name, phone, email...