Vulnerabilities > Arubanetworks > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-01 CVE-2023-22777 Exposure of Resource to Wrong Sphere vulnerability in Arubanetworks Arubaos and Sd-Wan
An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface.
network
low complexity
arubanetworks CWE-668
6.5
2023-03-01 CVE-2023-22778 Cross-site Scripting vulnerability in Arubanetworks Arubaos and Sd-Wan
A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.
network
low complexity
arubanetworks CWE-79
4.8
2023-01-05 CVE-2022-43524 Cross-site Scripting vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator
A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface.
network
low complexity
arubanetworks CWE-79
5.4
2023-01-05 CVE-2022-43525 Cross-site Scripting vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator
Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.
network
low complexity
arubanetworks CWE-79
6.1
2023-01-05 CVE-2022-43526 Cross-site Scripting vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator
Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.
network
low complexity
arubanetworks CWE-79
6.1
2023-01-05 CVE-2022-43527 Cross-site Scripting vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator
Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.
network
low complexity
arubanetworks CWE-79
6.1
2023-01-05 CVE-2022-43528 Unspecified vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator
Under certain configurations, an attacker can login to Aruba EdgeConnect Enterprise Orchestrator without supplying a multi-factor authentication code.
network
low complexity
arubanetworks
6.5
2023-01-05 CVE-2022-43529 Session Fixation vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator
A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an remote attacker to persist a session after a password reset or similar session clearing event.
network
low complexity
arubanetworks CWE-384
5.4
2023-01-05 CVE-2022-43532 Cross-site Scripting vulnerability in Arubanetworks Clearpass Policy Manager
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface.
network
low complexity
arubanetworks CWE-79
4.8
2023-01-05 CVE-2022-43539 Unspecified vulnerability in Arubanetworks Clearpass Policy Manager
A vulnerability exists in the ClearPass Policy Manager cluster communications that allow for an attacker in a privileged network position to potentially obtain sensitive information.
low complexity
arubanetworks
4.5