Blind SQL-Injection Vulnerability in VeloCloud Orchestrator

Blind SQL-Injection Vulnerability in VeloCloud Orchestrator

CVE-2020-3973 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.