VYPR
Unrated severityNVD Advisory· Published Jul 8, 2020· Updated Aug 4, 2024

CVE-2020-3973

CVE-2020-3973

Description

The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.