Vulnerabilities > Vmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-24 | CVE-2020-4003 | SQL Injection vulnerability in VMWare Sd-Wan Orchestrator VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. | 4.0 |
| 2020-11-24 | CVE-2020-4002 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Sd-Wan Orchestrator The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. | 6.5 |
| 2020-11-24 | CVE-2020-4001 | Use of Hard-coded Credentials vulnerability in VMWare Sd-Wan Orchestrator The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. | 7.5 |
| 2020-11-24 | CVE-2020-4000 | Path Traversal vulnerability in VMWare Sd-Wan Orchestrator The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. | 6.5 |
| 2020-11-24 | CVE-2020-3985 | Improper Privilege Management vulnerability in VMWare Sd-Wan Orchestrator 3.3.2/3.4.0/3.4.4 The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. | 6.5 |
| 2020-11-24 | CVE-2020-3984 | SQL Injection vulnerability in VMWare Sd-Wan Orchestrator 3.3.2/3.4.0/3.4.4 The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. | 4.0 |
| 2020-11-23 | CVE-2020-4006 | Command Injection vulnerability in VMWare products VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. | 9.0 |
| 2020-11-20 | CVE-2020-4005 | Improper Privilege Management vulnerability in VMWare Cloud Foundation and Esxi VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. | 7.2 |
| 2020-11-20 | CVE-2020-4004 | Use After Free vulnerability in VMWare products VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. | 4.6 |
| 2020-11-11 | CVE-2020-5426 | Cleartext Transmission of Sensitive Information vulnerability in VMWare Pivotal Scheduler Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. | 4.3 |