VYPR

SD-WAN Orchestrator

by VMware

CVEs (7)

  • CVE-2020-4001CriNov 24, 2020
    risk 0.64cvss 9.8epss 0.03

    The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack.

  • CVE-2020-4000HigNov 24, 2020
    risk 0.61cvss 8.8epss 0.43

    The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. An authenticated SD-WAN Orchestrator user is able to traversal directories which may lead to code execution of files.

  • CVE-2020-3985HigNov 24, 2020
    risk 0.57cvss 8.8epss 0.01

    The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. An authenticated SD-WAN Orchestrator user may exploit an application weakness and call a vulnerable API to…

  • CVE-2020-4002HigNov 24, 2020
    risk 0.47cvss 7.2epss 0.02

    The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. An authenticated SD-WAN Orchestrator user with high privileges may be able to execute arbitrary code on the underlying operating system.

  • CVE-2024-22248HigApr 2, 2024
    risk 0.46cvss 7.1epss 0.00

    VMware SD-WAN Orchestrator contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.

  • CVE-2020-3984MedNov 24, 2020
    risk 0.44cvss 6.5epss 0.22

    The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. An authenticated SD-WAN Orchestrator user may exploit a vulnerable API call using specially crafted SQL queries which may lead to…

  • CVE-2020-4003MedNov 24, 2020
    risk 0.42cvss 6.5epss 0.01

    VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. An authenticated SD-WAN Orchestrator user may inject code into SQL queries which…