The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: vmware
Published: 2020-07-08T13:46:28
Updated: 2024-08-04T07:52:20.505Z
Reserved: 2019-12-30T00:00:00
Link: CVE-2020-3973
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-07-08T14:15:10.413
Modified: 2020-07-15T18:34:40.370
Link: CVE-2020-3973
Redhat
No data.