Vulnerabilities > Arubanetworks > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-09-06 CVE-2023-38486 Incorrect Authorization vulnerability in Arubanetworks Arubaos
A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing.
local
high complexity
arubanetworks CWE-863
6.4
2023-08-22 CVE-2023-37421 Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
network
low complexity
arubanetworks CWE-79
5.4
2023-08-22 CVE-2023-37422 Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
network
low complexity
arubanetworks CWE-79
5.4
2023-08-22 CVE-2023-37423 Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
network
low complexity
arubanetworks CWE-79
5.4
2023-08-22 CVE-2023-37425 Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface.
network
low complexity
arubanetworks CWE-79
6.1
2023-08-22 CVE-2023-37435 SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance.
network
low complexity
arubanetworks CWE-89
6.5
2023-08-22 CVE-2023-37436 SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance.
network
low complexity
arubanetworks CWE-89
6.5
2023-08-22 CVE-2023-37437 SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance.
network
low complexity
arubanetworks CWE-89
6.5
2023-08-22 CVE-2023-37438 SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance.
network
low complexity
arubanetworks CWE-89
6.5
2023-08-22 CVE-2023-37439 Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance.
network
low complexity
arubanetworks CWE-79
6.1