Rewterz Threat Alert – Group Targeting Executives via Phishing Campaigns for over a year
July 7, 2020Rewterz Threat Advisory – CVE-2020-3347 – Cisco Webex Meetings Desktop App for Windows Shared Memory Vulnerability
July 8, 2020Rewterz Threat Alert – Group Targeting Executives via Phishing Campaigns for over a year
July 7, 2020Rewterz Threat Advisory – CVE-2020-3347 – Cisco Webex Meetings Desktop App for Windows Shared Memory Vulnerability
July 8, 2020Severity
High
Analysis Summary
The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged.
Impact
SQL-injection
Affected Vendors
VMware
Affected Products
VMware SD-WAN by VeloCloud (VeloCloud)
Remediation
Update to latest version.
https://my.vmware.com/web/vmware/downloads/info/slug/networking_security/vmware_sd_wan/3_4_1