CVE-2020-3973

Name of the Vulnerable Software and Affected Versions: VeloCloud Orchestrator (affected versions not specified)

Description: The issue is related to the VeloCloud Orchestrator component of the VMware SD-WAN by VeloCloud platform, which fails to properly protect the SQL query structure. This allows for blind SQL-injection attacks, where a malicious actor with tenant access can enter specially crafted SQL queries to obtain unauthorized data, potentially impacting the confidentiality, integrity, and availability of protected information.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.