VMware patches VeloCloud SQL-injection vulnerability (CVE-2020-3973)

VMware patches SD-WAN SQL injection vulnerability (CVE-2020-3973)

VMware has released a patch for a high-severity SQL injection vulnerability in VMware SD-WAN by VeloCloud (VeloCloud).

According to security advisory VMSA-2020-0016, the SQL injection vulnerability, CVE-2020-3973, affects VMware-hosted VeloCloud Orchestrators.

“The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection,” VMware noted in the advisory.

VMware has rated the issue “Important”, with a CVSS score of 8.5.
