cbcvebase.
CVE-2023-30510
published 2023-05-16

CVE-2023-30510: A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from…

PriorityP426medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
EPSS
0.58%
43.3th percentile
A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance. The impact of this vulnerability is limited to a subset of URLs which can result in the possible disclosure of data due to the network position of the Aruba EdgeConnect Enterprise instance.

Affected

7 ranges
VendorProductVersion rangeFixed in
arubanetworksedgeconnect_enterprise<= 9.0.8.0
arubanetworksedgeconnect_enterprise9.1.0.0 – 9.1.5.0
arubanetworksedgeconnect_enterprise9.2.0.0 – 9.2.3.0
hewlett_packard_enterprisearuba_edgeconnect_enterprise_softwareECOS 8.x.x.x – all
hewlett_packard_enterprisearuba_edgeconnect_enterprise_softwareECOS 9.0.x.x – 9.0.8.0
hewlett_packard_enterprisearuba_edgeconnect_enterprise_softwareECOS 9.1.x.x – 9.1.5.0
hewlett_packard_enterprisearuba_edgeconnect_enterprise_softwareECOS 9.2.x.x – 9.2.3.0
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.