Vulnerabilities > Arubanetworks > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-05 | CVE-2023-35977 | Unspecified vulnerability in Arubanetworks Arubaos Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. | 6.5 |
| 2023-07-05 | CVE-2023-35978 | Cross-site Scripting vulnerability in Arubanetworks Arubaos A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. | 6.1 |
| 2023-05-16 | CVE-2023-30507 | Path Traversal vulnerability in Arubanetworks Edgeconnect Enterprise Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files. | 6.5 |
| 2023-05-16 | CVE-2023-30508 | Path Traversal vulnerability in Arubanetworks Edgeconnect Enterprise Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files. | 6.5 |
| 2023-05-16 | CVE-2023-30509 | Path Traversal vulnerability in Arubanetworks Edgeconnect Enterprise Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files. | 6.5 |
| 2023-05-16 | CVE-2023-30510 | Unspecified vulnerability in Arubanetworks Edgeconnect Enterprise A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance. | 4.3 |
| 2023-05-08 | CVE-2023-22791 | A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. | 4.8 |
| 2023-03-22 | CVE-2023-25593 | Cross-site Scripting vulnerability in Arubanetworks Clearpass Policy Manager Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
| 2023-03-22 | CVE-2023-25595 | Unspecified vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability exists in the ClearPass OnGuard Ubuntu agent that allows for an attacker with local Ubuntu instance access to potentially obtain sensitive information. | 5.5 |
| 2023-03-22 | CVE-2023-25596 | Cleartext Storage of Sensitive Information vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. | 4.9 |