Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vmware sd-wan orchestrator vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2020-3984
The SD-WAN Orchestrator 3.3.2 before 3.3.2 P3 and 3.4.x before 3.4.4 does not apply correct input validation which allows for SQL-injection. An authenticated SD-WAN Orchestrator user may exploit a vulnerable API call using specially crafted SQL queries which may lead to unauthori...
Vmware Sd-wan Orchestrator 3.3.2
Vmware Sd-wan Orchestrator
578
VMScore
CVE-2020-4000
The SD-WAN Orchestrator 3.3.2 before 3.3.2 P3, 3.4.x before 3.4.4, and 4.0.x before 4.0.1 allows for executing files through directory traversal. An authenticated SD-WAN Orchestrator user is able to traversal directories which may lead to code execution of files.
Vmware Sd-wan Orchestrator 3.3.2
Vmware Sd-wan Orchestrator
668
VMScore
CVE-2020-4001
The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack.
Vmware Sd-wan Orchestrator 3.3.2
Vmware Sd-wan Orchestrator
578
VMScore
CVE-2020-3985
The SD-WAN Orchestrator 3.3.2 before 3.3.2 P3 and 3.4.x before 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. An authenticated SD-WAN Orchestrator user may exploit an application weakness and call a vulnerable API to elevate ...
Vmware Sd-wan Orchestrator 3.3.2
Vmware Sd-wan Orchestrator
578
VMScore
CVE-2020-4002
The SD-WAN Orchestrator 3.3.2 before 3.3.2 P3, 3.4.x before 3.4.4, and 4.0.x before 4.0.1 handles system parameters in an insecure way. An authenticated SD-WAN Orchestrator user with high privileges may be able to execute arbitrary code on the underlying operating system.
Vmware Sd-wan Orchestrator 3.3.2
Vmware Sd-wan Orchestrator
356
VMScore
CVE-2020-4003
VMware SD-WAN Orchestrator 3.3.2 before 3.3.2 P3, 3.4.x before 3.4.4, and 4.0.x before 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. An authenticated SD-WAN Orchestrator user may inject code into SQL queries which may lea...
Vmware Sd-wan Orchestrator 3.3.2
Vmware Sd-wan Orchestrator
356
VMScore
CVE-2019-5533
In VMware SD-WAN by VeloCloud versions 3.x before 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers a...
Vmware Sd-wan By Velocloud
NA
CVE-2024-22248
VMware SD-WAN Orchestrator contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.
445
VMScore
CVE-2020-25649
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
Fasterxml Jackson-databind
Netapp Oncommand Workflow Automation -
Netapp Service Level Manager -
Netapp Oncommand Api Services -
Fedoraproject Fedora 32
Quarkus Quarkus
Apache Iotdb
Oracle Webcenter Portal 12.2.1.3.0
Oracle Banking Platform 2.6.2
Oracle Utilities Framework 4.3.0.5.0
Oracle Utilities Framework 4.3.0.6.0
Oracle Utilities Framework 4.4.0.0.0
Oracle Agile Plm 9.3.6
Oracle Coherence 12.2.1.4.0
Oracle Webcenter Portal 12.2.1.4.0
Oracle Sd-wan Edge 9.0
Oracle Coherence 14.1.1.0.0
Oracle Utilities Framework 4.4.0.2.0
Oracle Communications Billing And Revenue Management 12.0.0.3.0
Oracle Communications Billing And Revenue Management 7.5.0.23.0
Oracle Communications Services Gatekeeper 7.0
Oracle Banking Platform 2.7.0
1 Github repository
1 Article
1000
VMScore
CVE-2021-44228
Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can contr...
Apache Log4j 2.0
Apache Log4j
Siemens Sppa-t3000 Ses3000 Firmware
Siemens Logo\\! Soft Comfort
Siemens Spectrum Power 4 4.70
Siemens Spectrum Power 4
Siemens Siveillance Control Pro
Siemens Energyip Prepay 3.7
Siemens Energyip Prepay 3.8
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Siveillance Command
Siemens Sipass Integrated 2.85
Siemens Sipass Integrated 2.80
Siemens Head-end System Universal Device Integration System
Siemens Gma-manager
Siemens Energyip 8.5
Siemens Energyip 8.6
Siemens Energyip 8.7
Siemens Energyip 9.0
Siemens Energy Engage 3.1
Siemens E-car Operation Center
2 Metasploit modules
1153 Github repositories
28 Articles
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »