CERT-In Vulnerability Note
SQL Injection vulnerability in VMware VeloCloud Orchestrator
Original Issue Date: July 10, 2020
Severity Rating: HIGH
- VMware VeloCloud Orchestrator versions 3.x
A vulnerability has been reported in VMware VeloCloud Orchestrator which could allow an attacker to perform an SQL injection attack on a targeted system.
This vulnerability exists in VeloCloud Orchestrator due to improper input validation by the software. An attacker could exploit this vulnerability by using specially crafted SQL queries on a targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform an SQL injection attack and access privileged information on the targeted system.
Update to patched versions as mentioned in the VMware advisory:
IBM X-Force Exchange
The information provided herein is on an "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003