CVE-2019-5533 - Incorrect Authorization vulnerability in VMware SD-WAN by VeloCloud

CVSS 4.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, vmware, CWE-863

Summary

In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information about Managed Service Provider accounts. The exposed information includes the username, first and last name, phone numbers and e-mail address if present, but no other personal data. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 4.3.

Common Weakness Enumeration (CWE)

Packetstorm

data source: https://packetstormsecurity.com/files/download/154892/CSNC-2019-007.txt
id: PACKETSTORM:154892
last seen: 2019-10-18
published: 2019-10-17
reporter: Silas Baertsch
source: https://packetstormsecurity.com/files/154892/VMware-VeloCloud-3.3.0-3.2.2-Authorization-Bypass.html
title: VMware VeloCloud 3.3.0 / 3.2.2 Authorization Bypass