Silas Bärtsch

Researcher from Compass Security
#50973 of 53,633
4.3 Total CVSS
Vulnerabilities · 1
PT-2019-4648
4.3
2019-10-28
Vmware · Vmware Sd-Wan · CVE-2019-5533
**Name of the Vulnerable Software and Affected Versions**

VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0

**Description**

The issue is related to the VeloCloud Orchestrator parameter authorization check, which mistakenly allows enterprise users to obtain information about Managed Service Provider accounts. This includes `username`, `first and last name`, `phone numbers`, and `e-mail address` if present. The exploitation of this issue may allow a remote attacker to gain unauthorized access to account information using a specially crafted request.

**Recommendations**

For versions 3.x prior to 3.3.0, update to version 3.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the VeloCloud Orchestrator to minimize the risk of exploitation.