Unrated severityNVD Advisory· Published Jul 8, 2020· Updated Aug 4, 2024
CVE-2020-3973
CVE-2020-3973
Description
The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged.
Affected products
2- VeloCloud/VeloCloud Orchestratordescription
Patches
Vulnerability mechanics
References
1- www.vmware.com/security/advisories/VMSA-2020-0016.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.