CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-5533

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1290%
EPSS Percentile36.25th
Published2019年10月29日
Last Modified2024年11月21日

Vulnerability Description

In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail address if present but no other personal data. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 4.3.

Affected Platforms (CPE)

📦
Vmware

Sd Wan By Velocloud

>= 3.1.1 and < 3.3.0

References & Advisories

🔗 https://www.vmware.com/security/advisories/VMSA-2019-0017.html
🔗 https://www.vmware.com/security/advisories/VMSA-2019-0017.html

相關漏洞威脅

CVE-2018-69618.1

VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI componen...

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.

CVE-2019-002010.0

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full contr...

CVE-2019-002210.0

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full contro...