Vulnerabilities > CVE-2022-37911 - XXE vulnerability in Arubanetworks Arubaos and Sd-Wan
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
LOW Integrity impact
NONE Availability impact
HIGH Summary
Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition.