Vulnerabilities > Arubanetworks > Edgeconnect SD WAN Orchestrator
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-22 | CVE-2023-37421 | Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0 Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | 5.4 |
| 2023-08-22 | CVE-2023-37422 | Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0 Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | 5.4 |
| 2023-08-22 | CVE-2023-37423 | Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0 Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | 5.4 |
| 2023-08-22 | CVE-2023-37424 | Unspecified vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0 A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain preconditions outside of the attacker's control are met. | 8.1 |
| 2023-08-22 | CVE-2023-37425 | Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0 A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. | 6.1 |
| 2023-08-22 | CVE-2023-37426 | Use of Hard-coded Credentials vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0 EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. | 7.5 |
| 2023-08-22 | CVE-2023-37427 | Unspecified vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0 A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. | 7.2 |
| 2023-08-22 | CVE-2023-37428 | Path Traversal vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0 A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | 7.2 |
| 2023-08-22 | CVE-2023-37429 | SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0 Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. | 8.1 |
| 2023-08-22 | CVE-2023-37430 | SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0 Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. | 8.1 |