Vulnerability Description
In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information about Managed Service Provider accounts. The exposed information comprises the username, first and last name, phone numbers and e-mail address, where present, but no other personal data. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 4.3.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| VMware | SD-WAN by VeloCloud | >= 3.1.1, < 3.3.0 |
References
- https://www.vmware.com/security/advisories/VMSA-2019-0017.html (Vendor Advisory)
FAQ
What is CVE-2019-5533?
CVE-2019-5533 is a vulnerability with a CVSS score of 4.3 (MEDIUM). In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider...
How severe is CVE-2019-5533?
CVE-2019-5533 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-5533?
Check the references section above for vendor advisories and patch information. Affected products include: VMware SD-WAN by VeloCloud.