Vulnerabilities > Arubanetworks > Edgeconnect SD WAN Orchestrator
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-24 | CVE-2024-41136 | OS Command Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. | 8.8 |
| 2024-07-24 | CVE-2024-22444 | Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
| 2024-07-24 | CVE-2024-22443 | Unspecified vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. | 8.8 |
| 2024-07-24 | CVE-2024-41914 | Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. | 9.0 |
| 2023-08-22 | CVE-2023-37421 | Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | 5.4 |
| 2023-08-22 | CVE-2023-37422 | Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | 5.4 |
| 2023-08-22 | CVE-2023-37423 | Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | 5.4 |
| 2023-08-22 | CVE-2023-37424 | Unspecified vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain preconditions outside of the attacker's control are met. | 8.1 |
| 2023-08-22 | CVE-2023-37425 | Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. | 6.1 |
| 2023-08-22 | CVE-2023-37426 | Use of Hard-coded Credentials vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. | 7.5 |