CVE-2020-4003

CWE-89SQL Injection4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.4%
top 39.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Vmware Sd-wan Orchestrator
Timeline
PublishedNov 24
Latest updateMay 24

Description

VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. An authenticated SD-WAN Orchestrator user may inject code into SQL queries which may lead to information disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDvmware/sd-wan_orchestrator3.4.03.4.4+2
CVEListV5vmware_sd-wan_orchestratorVMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4..0.1.

🔴Vulnerability Details

2
GHSA
GHSA-v6w2-2rvc-2pmq: VMware SD-WAN Orchestrator 32022-05-24
CVEList
CVE-2020-4003: VMware SD-WAN Orchestrator 32020-11-24

📋Vendor Advisories

1
VMware
VMware SD-WAN Orchestrator updates address multiple security vulnerabilities (CVE-2020-3984, CVE-2020-3985, CVE-2020-4000, CVE-2020-4001, CVE-2020-4002 ,CVE-2020-4003)2020-11-18
CVE-2020-4003 (MEDIUM CVSS 6.5) | VMware SD-WAN Orchestrator 3.3.2 pr | cvebase.io