Vulnerabilities > Arubanetworks > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-06 | CVE-2023-38486 | Incorrect Authorization vulnerability in Arubanetworks Arubaos A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. | 6.4 |
| 2023-08-22 | CVE-2023-37421 | Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | 5.4 |
| 2023-08-22 | CVE-2023-37422 | Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | 5.4 |
| 2023-08-22 | CVE-2023-37423 | Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | 5.4 |
| 2023-08-22 | CVE-2023-37425 | Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. | 6.1 |
| 2023-08-22 | CVE-2023-37435 | SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. | 6.5 |
| 2023-08-22 | CVE-2023-37436 | SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. | 6.5 |
| 2023-08-22 | CVE-2023-37437 | SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. | 6.5 |
| 2023-08-22 | CVE-2023-37438 | SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. | 6.5 |
| 2023-08-22 | CVE-2023-37439 | Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. | 6.1 |