VMware Releases Security Update for VeloCloud

VMware has released a security update to address a vulnerability in VeloCloud. An attacker could exploit this vulnerability to obtain sensitive information.

Impacted Products

VMware SD-WAN by VeloCloud (VeloCloud)

Advisory Details

The VeloCloud Orchestrator does not validate input correctly, which allows blind SQL injection. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 8.5.

Known Attack Vectors

A malicious actor with tenant access to VeloCloud Orchestrator could enter specially crafted SQL queries and obtain data that they are not authorized to access.

Resolution

To remediate CVE-2020-3973, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' in the Security Advisory linked below.

This advisory is available at: https://my.vmware.com/web/vmware/downloads/info/slug/networking_security/vmware_sd_wan/3_4_1.
