6 matches found
CVE-2020-4001
The CVE-2020-4001 issue affects VMware SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x, due to default credentials that may enable a Pass-the-Hash attack. The vulnerability is documented in VMware’s advisory VMSA-2020-0025 and is corroborated by related Red Hat/NVD entries. Impact is described as a h...
CVE-2020-4000
The Red Hat and NVD entries confirm CVE-2020-4000 affects SD-WAN Orchestrator and allows an authenticated user to traverse directories, potentially leading to code execution. Affected versions are 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1. The VMware advisory likewis...
CVE-2020-3984
The CVE-2020-3984 issue affects SD-WAN Orchestrator (versions 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4) where insufficient input validation permits SQL injection via a vulnerable API call by an authenticated user, potentially leading to unauthorized data access. This is corroborated in Re...
CVE-2020-3985
The SD-WAN Orchestrator vulnerability CVE-2020-3985 allows an authenticated user to elevate privileges by calling a vulnerable API due to an access control weakness. Affected versions are 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4, with remediation to update to the patched releases (3.3.2 P...
CVE-2020-4002
The CVE-2020-4002 entry affects VMware SD-WAN Orchestrator, with versions 3.3.2 before 3.3.2 P3, 3.4.x before 3.4.4, and 4.0.x before 4.0.1, where system parameters are handled insecurely. The root cause is insecure handling of system parameters that may allow an authenticated, high-privilege SD-...
CVE-2020-4003
CVE-2020-4003 affects VMware SD-WAN Orchestrator, with versions 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1; it is a SQL injection flaw that allows an authenticated SD-WAN Orchestrator user to inject code into SQL queries and potentially disclose information. The CVE i...