Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-01-05	CVE-2022-43532	Cross-site Scripting vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. network low complexity arubanetworks CWE-79	4.8
2023-01-05	CVE-2022-43539	Unspecified vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability exists in the ClearPass Policy Manager cluster communications that allow for an attacker in a privileged network position to potentially obtain sensitive information. low complexity arubanetworks	4.5
2023-01-05	CVE-2022-43540	Unspecified vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability exists in the ClearPass OnGuard macOS agent that allows for an attacker with local macOS instance access to potentially obtain sensitive information. local low complexity arubanetworks	5.5
2022-12-12	CVE-2022-37908	Unspecified vulnerability in Arubanetworks Arubaos and Sd-Wan An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. network low complexity arubanetworks	6.5
2022-12-12	CVE-2022-37909	Unspecified vulnerability in Arubanetworks Arubaos and Sd-Wan Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. high complexity arubanetworks	5.3
2022-12-12	CVE-2022-37910	Classic Buffer Overflow vulnerability in Arubanetworks Arubaos and Sd-Wan A buffer overflow vulnerability exists in the ArubaOS command line interface. network low complexity arubanetworks CWE-120	6.5
2022-12-12	CVE-2022-37911	XXE vulnerability in Arubanetworks Arubaos and Sd-Wan Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. network low complexity arubanetworks CWE-611	5.5
2022-12-12	CVE-2022-37925	Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Enterprise A vulnerability within the web-based management interface of Aruba EdgeConnect Enterprise could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. network low complexity arubanetworks CWE-79	6.1
2022-12-12	CVE-2022-37926	Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Enterprise A vulnerability within the web-based management interface of EdgeConnect Enterprise could allow a remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface by uploading a specially crafted file. network low complexity arubanetworks CWE-79	5.4
2022-12-12	CVE-2022-43518	Path Traversal vulnerability in Arubanetworks Edgeconnect Enterprise An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise web interface. network low complexity arubanetworks CWE-22	6.5