Vulnerabilities > Arubanetworks > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-05 | CVE-2022-43528 | Unspecified vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator Under certain configurations, an attacker can login to Aruba EdgeConnect Enterprise Orchestrator without supplying a multi-factor authentication code. | 6.5 |
| 2023-01-05 | CVE-2022-43529 | Session Fixation vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an remote attacker to persist a session after a password reset or similar session clearing event. | 5.4 |
| 2023-01-05 | CVE-2022-43532 | Cross-site Scripting vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. | 4.8 |
| 2023-01-05 | CVE-2022-43539 | Unspecified vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability exists in the ClearPass Policy Manager cluster communications that allow for an attacker in a privileged network position to potentially obtain sensitive information. low complexity arubanetworks | 4.5 |
| 2023-01-05 | CVE-2022-43540 | Unspecified vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability exists in the ClearPass OnGuard macOS agent that allows for an attacker with local macOS instance access to potentially obtain sensitive information. | 5.5 |
| 2022-12-12 | CVE-2022-37908 | Unspecified vulnerability in Arubanetworks Arubaos and Sd-Wan An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. | 6.5 |
| 2022-12-12 | CVE-2022-37909 | Unspecified vulnerability in Arubanetworks Arubaos and Sd-Wan Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. high complexity arubanetworks | 5.3 |
| 2022-12-12 | CVE-2022-37910 | Classic Buffer Overflow vulnerability in Arubanetworks Arubaos and Sd-Wan A buffer overflow vulnerability exists in the ArubaOS command line interface. | 6.5 |
| 2022-12-12 | CVE-2022-37911 | XXE vulnerability in Arubanetworks Arubaos and Sd-Wan Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. | 5.5 |
| 2022-12-12 | CVE-2022-37925 | Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Enterprise A vulnerability within the web-based management interface of Aruba EdgeConnect Enterprise could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. | 6.1 |