Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-03-01	CVE-2023-22777	Exposure of Resource to Wrong Sphere vulnerability in Arubanetworks Arubaos and Sd-Wan An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. network low complexity arubanetworks CWE-668	6.5
2023-03-01	CVE-2023-22778	Cross-site Scripting vulnerability in Arubanetworks Arubaos and Sd-Wan A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. network low complexity arubanetworks CWE-79	4.8
2023-01-05	CVE-2022-43524	Cross-site Scripting vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. network low complexity arubanetworks CWE-79	5.4
2023-01-05	CVE-2022-43525	Cross-site Scripting vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. network low complexity arubanetworks CWE-79	6.1
2023-01-05	CVE-2022-43526	Cross-site Scripting vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. network low complexity arubanetworks CWE-79	6.1
2023-01-05	CVE-2022-43527	Cross-site Scripting vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. network low complexity arubanetworks CWE-79	6.1
2023-01-05	CVE-2022-43528	Unspecified vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator Under certain configurations, an attacker can login to Aruba EdgeConnect Enterprise Orchestrator without supplying a multi-factor authentication code. network low complexity arubanetworks	6.5
2023-01-05	CVE-2022-43529	Session Fixation vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an remote attacker to persist a session after a password reset or similar session clearing event. network low complexity arubanetworks CWE-384	5.4
2023-01-05	CVE-2022-43532	Cross-site Scripting vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. network low complexity arubanetworks CWE-79	4.8
2023-01-05	CVE-2022-43539	Unspecified vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability exists in the ClearPass Policy Manager cluster communications that allow for an attacker in a privileged network position to potentially obtain sensitive information. low complexity arubanetworks	4.5