34 matches found

Arista
added 2026/05/01 12:0 a.m. | 27 views

Security Advisory 0136

Security Advisory 0136 PDF Date: May 1, 2026

Revision | Date | Changes
---|---|---
1.0 | May 1, 2026 | Initial release
1.1 | May 7, 2026 | Additional required configuration for exploitation information added
1.2 | May 11, 2026 | Advisory updated with additional mitigations.

The CVE-ID tracking th...

CVSS 7.8 | AI score 6.5 | EPSS 0.02235
Exploits 226
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2019-15108

Malware in sbrugna...

CVSS 4.3 | AI score 4.7 | EPSS 0.00796
Exploits 2 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-25238

Malware in sbrugna...

CVSS 8.8 | AI score 8.7 | EPSS 0.00359
Exploits 0 | References 2
RedhatCVE
added 2025/05/22 3:36 p.m. | 7 views

CVE-2020-3973

The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged...

CVSS 8.8 | AI score 7.5 | EPSS 0.00359
Exploits 0
RedhatCVE
added 2025/05/22 5:19 a.m. | 4 views

CVE-2019-5533

In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail addre...

CVSS 4.3 | AI score 6.5 | EPSS 0.00796
Exploits 2 | References 1
CISA KEV Catalog
added 2022/03/25 12:0 a.m. | 158 views

VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability

VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution...

CVSS 8.1 | AI score 3.5 | EPSS 0.93883
In wild | Exploits 6
NVD
added 2020/07/08 2:15 p.m. | 12 views

CVE-2020-3973

The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged...

CVSS 8.8 | EPSS 0.00359
Exploits 0 | References 1
Prion
added 2020/07/08 2:15 p.m. | 16 views

Sql injection

The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged...

CVSS 6.5 | AI score 8.8 | EPSS 0.00359
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2020/07/08 1:46 p.m. | 14 views

CVE-2020-3973

The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged...

AI score 8.8 | EPSS 0.00359
Exploits 0 | References 1
CVE
added 2020/07/08 1:46 p.m. | 55 views

CVE-2020-3973

The CVE-2020-3973 issue affects the VeloCloud Orchestrator (VMware) and is a SQL injection vulnerability caused by improper input validation. A tenant with Velocloud Orchestrator access could submit crafted SQL queries to access data beyond privileges, with impact described as data disclosure and...

CVSS 8.8 | AI score 8.8 | EPSS 0.00359
Exploits 0 | References 1 | Affected Software 1
CISA
added 2020/07/08 12:0 a.m. | 6 views

VMware Releases Security Update for VeloCloud

VMware has released a security update to address a vulnerability in VeloCloud. An attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory...

AI score 6.4
Exploits 0 | References 1
VMware
added 2020/07/07 12:0 a.m. | 28 views

VMware SD-WAN by VeloCloud updates address SQL-injection vulnerability (CVE-2020-3973)

3a. Advisory Details The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 8.5...

CVSS 6.5 | AI score 8.7 | EPSS 0.00359
Exploits 0 | References 3 | Affected Software 1
Arista
added 2020/07/05 12:0 a.m. | 22 views

Security Advisory 0131

Security Advisory 0131 PDF Date: December 23, 2025

Revision | Date | Changes
---|---|---
1.0 | July 5, 2020 | Initial release
1.1 | December 23, 2025 | Updated to Arista Format

NOTICE: VeloCloud is now an Arista product. Arista Networks has reposted this advisory that was originally posted by...

CVSS 8.8 | AI score 6.2 | EPSS 0.00359
Exploits 0
OSV
added 2019/10/29 7:15 p.m. | 1 views

CVE-2019-5533

In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail addre...

CVSS 4.3 | AI score 5.8
Exploits 0 | References 1
NVD
added 2019/10/29 7:15 p.m. | 15 views

CVE-2019-5533

In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail addre...

CVSS 4.3 | AI score 4.4 | EPSS 0.00796
Exploits 2 | References 1
Prion
added 2019/10/29 7:15 p.m. | 11 views

Authorization

In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail addre...

CVSS 4 | AI score 4.4 | EPSS 0.00796
Exploits 2 | References 1 | Affected Software 1
Cvelist
added 2019/10/28 10:14 p.m. | 15 views

CVE-2019-5533

In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail addre...

AI score 4.5 | EPSS 0.00796
Exploits 2 | References 1
CVE
added 2019/10/28 10:14 p.m. | 68 views

CVE-2019-5533

Summary: CVE-2019-5533 affects VMware SD-WAN by VeloCloud Orchestrator (3.x, before 3.3.0). A parameter authorization check allows an enterprise user to disclose MSP account information. Impact (per sources): Information disclosure limited to MSP user data (username, first/last name, phone, email...

CVSS 4.3 | AI score 4.3 | EPSS 0.00796
Exploits 2 | References 1 | Affected Software 1
0day.today
added 2019/10/21 12:0 a.m. | 157 views

VMware VeloCloud 3.3.0 / 3.2.2 Authorization Bypass Vulnerability

Exploit for linux platform in category web applications
Product: VeloCloud
Vendor: VMware
CVE ID: CVE-2019-5533
CSNC ID: CSNC-2019-007
Subject: Authorization Bypass
Risk: Moderate
Effect: Remotely exploitable
CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Author: Silas Bärtsch
Date:...

CVSS 4 | AI score 5.3 | EPSS 0.00796
Exploits 2
CNVD
added 2019/10/17 12:0 a.m. | 1 views

VMware VeloCloud Authorization Bypass Vulnerability

VMware VeloCloud Orchestrator is a software-defined WAN orchestration software. A security vulnerability exists in version 3.x of VMware VeloCloud Orchestrator. The vulnerability stems from an error in the configuration, etc., of a network system or product during operation. An unauthorized...

CVSS 4.3 | AI score 6.5 | EPSS 0.00796
Exploits 2 | References 1