High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-25	CVE-2023-43506	Unspecified vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. local low complexity arubanetworks	7.8
2023-10-25	CVE-2023-43507	SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. network low complexity arubanetworks CWE-89	8.8
2023-09-05	CVE-2015-2201	OS Command Injection vulnerability in multiple products Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users. network low complexity hp arubanetworks CWE-78	7.2
2023-09-05	CVE-2015-2202	Improper Input Validation vulnerability in multiple products Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS. network low complexity hp arubanetworks CWE-20	7.2
2023-08-22	CVE-2023-37424	Unspecified vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0 A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain preconditions outside of the attacker's control are met. network high complexity arubanetworks	8.1
2023-08-22	CVE-2023-37426	Use of Hard-coded Credentials vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0 EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. network low complexity arubanetworks CWE-798	7.5
2023-08-22	CVE-2023-37427	Unspecified vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0 A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. network low complexity arubanetworks	7.2
2023-08-22	CVE-2023-37428	Path Traversal vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0 A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. network low complexity arubanetworks CWE-22	7.2
2023-08-22	CVE-2023-37429	SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0 Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. network low complexity arubanetworks CWE-89	8.1
2023-08-22	CVE-2023-37430	SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0 Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. network low complexity arubanetworks CWE-89	8.1