N/A

The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged.

N/A

N/A

VMware VeloCloud Orchestrator SQL注入漏洞

VMware VeloCloud Orchestrator是美国威睿（VMware）公司的一套NSX SD-WAN解决方案的管理平台。该平台支持集中式配置、实时监控和故障排除等。 VMware VeloCloud Orchestrator 3.x版本中存在安全漏洞，该漏洞源于程序没有正确验证输入。攻击者可借助特制SQL查询利用该漏洞获取特权数据。

N/A

N/A