VMware patches security flaws leading to RCE in SD-WAN Orchestrator

Limited Time Offer! For Less Than the Cost of a Starbucks Coffee, Access All DevOpsSchool Videos on YouTube Unlimitedly. Master DevOps, SRE, DevSecOps Skills! Enroll Now Source:-https://portswigger.net VMware has fixed vulnerabilities in its VeloCloud SD-WAN Orchestrator that, chained together, can lead to unauthenticated remote code execution (RCE). Researchers from Realmode Labs combined authentication bypass, SQL injection, and directory traversal vulnerabilities to leave arbitrary JavaScript running in node.js. The revelation marks the conclusion of a blog series documenting potentially calamitous RCE

Read more