cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2020-4000,https://securityvulnerability.io/vulnerability/CVE-2020-4000,,"The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. An authenticated SD-WAN Orchestrator user is able to traversal directories which may lead to code execution of files.",Vmware,Vmware Sd-wan Orchestrator,8.8,HIGH,0.0012700000079348683,false,false,false,false,,false,false,2020-11-24T15:35:07.000Z,0
CVE-2020-3985,https://securityvulnerability.io/vulnerability/CVE-2020-3985,,The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. An authenticated SD-WAN Orchestrator user may exploit an application weakness and call a vulnerable API to elevate their privileges.,Vmware,Vmware Sd-wan Orchestrator,8.8,HIGH,0.0010100000072270632,false,false,false,false,,false,false,2020-11-24T15:35:00.000Z,0
CVE-2020-3984,https://securityvulnerability.io/vulnerability/CVE-2020-3984,,The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. An authenticated SD-WAN Orchestrator user may exploit a vulnerable API call using specially crafted SQL queries which may lead to unauthorized data access.,Vmware,Vmware Sd-wan Orchestrator,6.5,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2020-11-24T15:34:49.000Z,0
CVE-2020-4003,https://securityvulnerability.io/vulnerability/CVE-2020-4003,,"VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. An authenticated SD-WAN Orchestrator user may inject code into SQL queries which may lead to information disclosure.",Vmware,Vmware Sd-wan Orchestrator,6.5,MEDIUM,0.0006300000241026282,false,false,false,false,,false,false,2020-11-24T15:29:38.000Z,0
CVE-2020-4002,https://securityvulnerability.io/vulnerability/CVE-2020-4002,,"The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. An authenticated SD-WAN Orchestrator user with high privileges may be able to execute arbitrary code on the underlying operating system.",Vmware,Vmware Sd-wan Orchestrator,7.2,HIGH,0.0010499999625608325,false,false,false,false,,false,false,2020-11-24T15:29:29.000Z,0
CVE-2020-4001,https://securityvulnerability.io/vulnerability/CVE-2020-4001,,"The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack.",Vmware,Vmware Sd-wan Orchestrator,9.8,CRITICAL,0.001820000004954636,false,false,false,false,,false,false,2020-11-24T15:29:22.000Z,0