VYPR

SD-WAN by VeloCloud

by VMware

CVEs (2)

  • CVE-2018-6961HigKEVJun 11, 2018
    risk 0.75cvss 8.1epss 0.86

    VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the…

  • CVE-2019-5533Oct 28, 2019
    risk 0.00cvss epss 0.18

    In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone…