Vulnerabilities > Arubanetworks > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-01 | CVE-2023-22777 | Exposure of Resource to Wrong Sphere vulnerability in Arubanetworks Arubaos and Sd-Wan An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. | 6.5 |
2023-03-01 | CVE-2023-22778 | Cross-site Scripting vulnerability in Arubanetworks Arubaos and Sd-Wan A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. | 4.8 |
2023-01-05 | CVE-2022-43524 | Cross-site Scripting vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. | 5.4 |
2023-01-05 | CVE-2022-43525 | Cross-site Scripting vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2023-01-05 | CVE-2022-43526 | Cross-site Scripting vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2023-01-05 | CVE-2022-43527 | Cross-site Scripting vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2023-01-05 | CVE-2022-43528 | Unspecified vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator Under certain configurations, an attacker can login to Aruba EdgeConnect Enterprise Orchestrator without supplying a multi-factor authentication code. | 6.5 |
2023-01-05 | CVE-2022-43529 | Session Fixation vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an remote attacker to persist a session after a password reset or similar session clearing event. | 5.4 |
2023-01-05 | CVE-2022-43532 | Cross-site Scripting vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. | 4.8 |
2023-01-05 | CVE-2022-43539 | Unspecified vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability exists in the ClearPass Policy Manager cluster communications that allow for an attacker in a privileged network position to potentially obtain sensitive information. low complexity arubanetworks | 4.5 |