cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-4000,https://securityvulnerability.io/vulnerability/CVE-2020-4000,Directory Traversal Vulnerability in SD-WAN Orchestrator by VMware,"A directory traversal vulnerability exists in VMware's SD-WAN Orchestrator, allowing authenticated users to navigate through restricted directories and potentially execute arbitrary files. This could lead to serious security breaches as unauthorized code execution may compromise the integrity and confidentiality of the affected systems. It is crucial for users of affected versions to apply necessary patches to mitigate these risks.",Vmware,Vmware Sd-wan Orchestrator,8.8,HIGH,0.0012700000079348683,false,,false,false,false,,,false,false,,2020-11-24T15:35:07.000Z,0
CVE-2020-3985,https://securityvulnerability.io/vulnerability/CVE-2020-3985,Privilege Escalation Vulnerability in VMware SD-WAN Orchestrator,"A flaw in the VMware SD-WAN Orchestrator allows authenticated users to manipulate access levels by exploiting a vulnerable API, potentially leading to unauthorized system access. This issue affects versions 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4, and highlights the necessity for implementing adequate access controls and API security measures to prevent misuse.",Vmware,Vmware Sd-wan Orchestrator,8.8,HIGH,0.0010100000072270632,false,,false,false,false,,,false,false,,2020-11-24T15:35:00.000Z,0
CVE-2020-3984,https://securityvulnerability.io/vulnerability/CVE-2020-3984,SQL Injection Vulnerability in VMware SD-WAN Orchestrator,"The SD-WAN Orchestrator from VMware is compromised due to insufficient input validation in certain versions. This vulnerability enables authenticated users to exploit vulnerable API calls by injecting specially crafted SQL queries. Such actions could result in unauthorized access to sensitive data, posing significant risks to the integrity and confidentiality of the information within the affected systems.",Vmware,Vmware Sd-wan Orchestrator,6.5,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2020-11-24T15:34:49.000Z,0
CVE-2020-4003,https://securityvulnerability.io/vulnerability/CVE-2020-4003,SQL Injection Vulnerability in VMware SD-WAN Orchestrator,"A security flaw was identified in VMware SD-WAN Orchestrator that allows authenticated users to perform SQL injection attacks. This vulnerability enables potential information disclosure, as malicious users can inject arbitrary SQL code into queries. The flaw affects versions 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1. Users are strongly advised to update their installations to mitigate the risk of exposure.",Vmware,Vmware Sd-wan Orchestrator,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2020-11-24T15:29:38.000Z,0
CVE-2020-4002,https://securityvulnerability.io/vulnerability/CVE-2020-4002,Insecure System Parameter Management in SD-WAN Orchestrator by VMware,"The SD-WAN Orchestrator, versions 3.3.2 prior to P3, 3.4.x prior to 4.4, and 4.0.x prior to 4.0.1, is affected by a vulnerability that arises from its insecure management of system parameters. This flaw allows an authenticated user with high privileges to potentially execute arbitrary code on the operating system, posing significant security risks. Organizations utilizing affected versions should apply the necessary updates to mitigate these vulnerabilities.",Vmware,Vmware Sd-wan Orchestrator,7.2,HIGH,0.0010499999625608325,false,,false,false,false,,,false,false,,2020-11-24T15:29:29.000Z,0
CVE-2020-4001,https://securityvulnerability.io/vulnerability/CVE-2020-4001,Default Password Vulnerability in VMware SD-WAN Orchestrator,"The VMware SD-WAN Orchestrator versions 3.3.2, 3.4.x, and 4.0.x contain a security weakness due to the use of default passwords for predefined accounts. This vulnerability can be exploited via a Pass-the-Hash attack, where an attacker can gain unauthorized access by using the hashed credentials instead of the actual password. It is critical for users to change default passwords to help secure their environments against potential exploitation.",Vmware,Vmware Sd-wan Orchestrator,9.8,CRITICAL,0.001820000004954636,false,,false,false,false,,,false,false,,2020-11-24T15:29:22.000Z,0