Lucene search
K
VmwareSd-wan Orchestrator

6 matches found

CVE
CVE
added 2020/11/24 3:29 p.m.133 views

CVE-2020-4001

The CVE-2020-4001 issue affects VMware SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x, due to default credentials that may enable a Pass-the-Hash attack. The vulnerability is documented in VMware’s advisory VMSA-2020-0025 and is corroborated by related Red Hat/NVD entries. Impact is described as a h...

9.8CVSS9.3AI score0.02899EPSS
CVE
CVE
added 2020/11/24 3:35 p.m.91 views

CVE-2020-4000

The Red Hat and NVD entries confirm CVE-2020-4000 affects SD-WAN Orchestrator and allows an authenticated user to traverse directories, potentially leading to code execution. Affected versions are 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1. The VMware advisory likewis...

8.8CVSS9.1AI score0.43017EPSS
CVE
CVE
added 2020/11/24 3:34 p.m.86 views

CVE-2020-3984

The CVE-2020-3984 issue affects SD-WAN Orchestrator (versions 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4) where insufficient input validation permits SQL injection via a vulnerable API call by an authenticated user, potentially leading to unauthorized data access. This is corroborated in Re...

6.5CVSS7.1AI score0.22367EPSS
CVE
CVE
added 2020/11/24 3:35 p.m.81 views

CVE-2020-3985

The SD-WAN Orchestrator vulnerability CVE-2020-3985 allows an authenticated user to elevate privileges by calling a vulnerable API due to an access control weakness. Affected versions are 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4, with remediation to update to the patched releases (3.3.2 P...

8.8CVSS9AI score0.01406EPSS
CVE
CVE
added 2020/11/24 3:29 p.m.54 views

CVE-2020-4002

The CVE-2020-4002 entry affects VMware SD-WAN Orchestrator, with versions 3.3.2 before 3.3.2 P3, 3.4.x before 3.4.4, and 4.0.x before 4.0.1, where system parameters are handled insecurely. The root cause is insecure handling of system parameters that may allow an authenticated, high-privilege SD-...

7.2CVSS7.8AI score0.0155EPSS
CVE
CVE
added 2020/11/24 3:29 p.m.54 views

CVE-2020-4003

CVE-2020-4003 affects VMware SD-WAN Orchestrator, with versions 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1; it is a SQL injection flaw that allows an authenticated SD-WAN Orchestrator user to inject code into SQL queries and potentially disclose information. The CVE i...

6.5CVSS7AI score0.0114EPSS