CVE-2019-5533
MEDIUMVMware SD-WAN by VeloCloud 3.1.1-3.2.x - Incorrect Authorization
Title source: llmDescription
In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail address if present but no other personal data. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 4.3.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.vmware.com/security/advisories/VMSA-2019-0017.html
Scores
CVSS v3
4.3
EPSS
0.0080
EPSS Percentile
74.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-863
Status
published
Products (1)
vmware/sd-wan_by_velocloud
3.1.1 - 3.3.0
Published
Oct 29, 2019
Tracked Since
Feb 18, 2026