CVE-2020-3973

The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged.
References
Configurations

Configuration 1


Information

Published : 2020-07-08 02:15

Updated : 2020-07-15 06:34


NVD link : CVE-2020-3973

Mitre link : CVE-2020-3973

Products Affected
No products.
CWE