Severity rating: High

Software affected
· VMware VeloCloud Orchestrator versions 3.x

Overview
A vulnerability has been reported in VMware VeloCloud Orchestrator which
could allow an attacker to perform a SQL injection attack on a targeted
system.

Description
This vulnerability exists in VeloCloud Orchestrator due to improper input
validation by the software. An attacker could exploit this vulnerability by
using specially crafted SQL queries on a targeted system.

Successful exploitation of this vulnerability could allow the attacker to
perform a SQL injection attack and access privileged information on the
targeted system.

Solution
Update to patched versions as mentioned in the VMware advisory.

Vendor Information
VMware

References
IBM X-Force Exchange

CVE Name
CVE-2020-3973
