VMware SD-WAN by VeloCloud updates address SQL-injection vulnerability (CVE-2020-3973)

2020-07-0700:00:00

www.vmware.com

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

41.7%

JSON

3a. Advisory Details

The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 8.5.

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3973

my.vmware.com/web/vmware/downloads/info/slug/networking_security/vmware_sd_wan/3_4_1

www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H