VMware has released a patch for a high-severity SQL injection vulnerability in VMware SD-WAN by VeloCloud (VeloCloud).
According to security advisory VMSA-2020-0016, the SQL injection vulnerability, tracked as CVE-2020-3973, impacts VMware-hosted VeloCloud Orchestrators.
“The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection,” VMware noted in the advisory.
VMware has rated the issue “Important,” with a CVSS score of 8.5.