Описание
In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail address if present but no other personal data. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 4.3.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
EPSS
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
Связанные уязвимости
In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail address if present but no other personal data. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 4.3.
Уязвимость платформы управления программно-конфигурируемыми сетями VMware SD-WAN by VeloCloud, связанная с отсутствием защиты служебных данных, позволяющая нарушителю получить несанкционированный доступ к информации об учетных записях
EPSS
4.3 Medium
CVSS3
4 Medium
CVSS2