High
The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged.
SQL-injection
VMware
VMware SD-WAN by VeloCloud (VeloCloud)
Update to latest version.
https://my.vmware.com/web/vmware/downloads/info/slug/networking_security/vmware_sd_wan/3_4_1