Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Edgeconnect_sd\-Wan_orchestrator
(Arubanetworks)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 24 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-07-24 | CVE-2024-22443 | A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | Edgeconnect_sd\-Wan_orchestrator | 8.8 | ||
| 2024-07-24 | CVE-2024-41914 | A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | Edgeconnect_sd\-Wan_orchestrator | 9.0 | ||
| 2024-07-24 | CVE-2024-22444 | A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victims browser in the context of the affected interface. | Edgeconnect_sd\-Wan_orchestrator | 6.1 | ||
| 2024-07-24 | CVE-2024-41136 | An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | Edgeconnect_sd\-Wan_orchestrator | 8.8 |