The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware velocloud_orchestrator |
||
vmware velocloud_orchestrator 3.3.2 |
||
vmware velocloud_orchestrator 3.4.0 |