CyberSec.Space Logo
Back to CVE Browser

CVE-2019-5533

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1290%
EPSS Percentile36.25th
PublishedOct 29, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail address if present but no other personal data. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 4.3.

Affected Platforms (CPE)

📦
Vmware

Sd Wan By Velocloud

>= 3.1.1 and < 3.3.0

References & Advisories

🔗 https://www.vmware.com/security/advisories/VMSA-2019-0017.html
🔗 https://www.vmware.com/security/advisories/VMSA-2019-0017.html

Related Vulnerabilities

CVE-2018-69618.1

VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI componen...

CVE-2019-623510.0

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12...

CVE-2019-700310.0

A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execu...

CVE-2019-1170810.0

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the no...