cbcvebase.

Arubanetworks Edgeconnect Sd-Wan Orchestrator vulnerabilities

29 known vulnerabilities affecting arubanetworks/edgeconnect_sd-wan_orchestrator.

Total CVEs
29
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH15MEDIUM12

Vulnerabilities

Page 2 of 2
CVE-2023-37437P3MEDIUMCVSS 6.5fixed in 9.3.12023-08-22
CVE-2023-37437 [MEDIUM] CWE-89 CVE-2023-37437: Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator co Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database pote
nvd
CVE-2023-37439P4MEDIUMCVSS 6.1fixed in 9.1.8≥ 9.2.0, < 9.2.6+1 more2023-08-22
CVE-2023-37439 [MEDIUM] CWE-79 CVE-2023-37439: Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator co Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database pote
nvd
CVE-2023-37440P4MEDIUMCVSS 5.3fixed in 9.3.12023-08-22
CVE-2023-37440 [MEDIUM] CWE-918 CVE-2023-37440: A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal structure of the EdgeConnect SD-WAN Orchestrator host leading to potential
nvd
CVE-2023-37425P4MEDIUMCVSS 6.1≥ 9.0.0, ≤ 9.0.5≥ 9.1.0, ≤ 9.1.7+2 more2023-08-22
CVE-2023-37425 [MEDIUM] CWE-79 CVE-2023-37425: A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of
nvd
CVE-2024-22444P4MEDIUMCVSS 6.1≥ 9.1.0, ≤ 9.1.9≥ 9.2.0, ≤ 9.2.9+2 more2024-07-24
CVE-2024-22444 [MEDIUM] CWE-79 CVE-2024-22444: A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator could a A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victims browser in the context of the affected interface
nvd
CVE-2023-37422P4MEDIUMCVSS 5.4≥ 9.0.0, ≤ 9.0.5≥ 9.1.0, ≤ 9.1.7+2 more2023-08-22
CVE-2023-37422 [MEDIUM] CWE-79 CVE-2023-37422: Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of th
nvd
CVE-2023-37423P4MEDIUMCVSS 5.4≥ 9.0.0, ≤ 9.0.5≥ 9.1.0, ≤ 9.1.7+2 more2023-08-22
CVE-2023-37423 [MEDIUM] CWE-79 CVE-2023-37423: Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of th
nvd
CVE-2023-37421P4MEDIUMCVSS 5.4≥ 9.0.0, ≤ 9.0.5≥ 9.1.0, ≤ 9.1.7+2 more2023-08-22
CVE-2023-37421 [MEDIUM] CWE-79 CVE-2023-37421: Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of th
nvd
CVE-2025-37185P4MEDIUMCVSS 4.8≥ 9.2.0, ≤ 9.2.10≥ 9.3.0, ≤ 9.3.6+3 more2026-01-14
CVE-2025-37185 [MEDIUM] CWE-79 CVE-2025-37185: Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attacks against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of t
nvd
Arubanetworks Edgeconnect Sd-Wan Orchestrator vulnerabilities | cvebase