Arubanetworks Edgeconnect Enterprise vulnerabilities
25 known vulnerabilities affecting arubanetworks/edgeconnect_enterprise.
Total CVEs
25
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH15MEDIUM10
Vulnerabilities
Page 2 of 2
CVE-2023-30508P3MEDIUMCVSS 6.5≤ 9.0.8.0≥ 9.1.0.0, ≤ 9.1.5.0+1 more2023-05-16
CVE-2023-30508 [MEDIUM] CWE-22 CVE-2023-30508: Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise comm
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
nvd
CVE-2020-12149P3MEDIUMCVSS 6.8≥ 8.1, < 8.1.9.15≥ 8.3.0, < 8.3.0.8+2 more2020-12-11
CVE-2020-12149 [MEDIUM] CWE-78 CVE-2020-12149: The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was
The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This vulnerability can be exploited by an attacker with authen
nvd
CVE-2022-37925P4MEDIUMCVSS 6.1≥ 8.3.1.0, ≤ 8.3.7.1≥ 9.0.0.0, ≤ 9.0.7.0+2 more2022-12-12
CVE-2022-37925 [MEDIUM] CWE-79 CVE-2022-37925: A vulnerability within the web-based management interface of Aruba EdgeConnect Enterprise could allo
A vulnerability within the web-based management interface of Aruba EdgeConnect Enterprise could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface i
nvd
CVE-2022-37926P4MEDIUMCVSS 5.4≥ 8.3.1.0, ≤ 8.3.7.1≥ 9.0.0.0, ≤ 9.0.7.0+2 more2022-12-12
CVE-2022-37926 [MEDIUM] CWE-79 CVE-2022-37926: A vulnerability within the web-based management interface of EdgeConnect Enterprise could allow a re
A vulnerability within the web-based management interface of EdgeConnect Enterprise could allow a remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface by uploading a specially crafted file. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the contex
nvd
CVE-2023-30510P4MEDIUMCVSS 4.3≤ 9.0.8.0≥ 9.1.0.0, ≤ 9.1.5.0+1 more2023-05-16
CVE-2023-30510 [MEDIUM] CVE-2023-30510: A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remo
A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance. The impact of this vulnerability is limited to a subset of URLs which can result in the possible disclosure of data due to the network position of the Aruba
nvd
← Previous2 / 2