Vulnerabilities > Arubanetworks > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-22 CVE-2023-37436 SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance.
network
low complexity
arubanetworks CWE-89
6.5
6.5
2023-08-22 CVE-2023-37437 SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance.
network
low complexity
arubanetworks CWE-89
6.5
6.5
2023-08-22 CVE-2023-37438 SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance.
network
low complexity
arubanetworks CWE-89
6.5
6.5
2023-08-22 CVE-2023-37439 Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance.
network
low complexity
arubanetworks CWE-79
6.1
6.1
2023-08-22 CVE-2023-37440 Server-Side Request Forgery (SSRF) vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack.
network
low complexity
arubanetworks CWE-918
5.3
5.3
2023-07-05 CVE-2023-35971 Cross-site Scripting vulnerability in Arubanetworks Arubaos
A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.
network
low complexity
arubanetworks CWE-79
6.1
6.1
2023-07-05 CVE-2023-35976 Unspecified vulnerability in Arubanetworks Arubaos
Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface.
network
low complexity
arubanetworks
6.5
6.5
2023-07-05 CVE-2023-35977 Unspecified vulnerability in Arubanetworks Arubaos
Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface.
network
low complexity
arubanetworks
6.5
6.5
2023-07-05 CVE-2023-35978 Cross-site Scripting vulnerability in Arubanetworks Arubaos
A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface.
network
low complexity
arubanetworks CWE-79
6.1
6.1
2023-05-16 CVE-2023-30507 Path Traversal vulnerability in Arubanetworks Edgeconnect Enterprise
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
network
low complexity
arubanetworks CWE-22
6.5
6.5