cbcvebase.

Hewlett Packard Enterprise Edgeconnect Sd-Wan Orchestrator vulnerabilities

25 known vulnerabilities affecting hewlett_packard_enterprise/edgeconnect_sd-wan_orchestrator.

Total CVEs
25
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH13MEDIUM11

Vulnerabilities

Page 1 of 2
CVE-2025-37184P2CRITICALCVSS 9.8≥ 9.5.0, ≤ 9.6.0≥ 9.4.0, ≤ 9.4.42026-01-14
CVE-2025-37184 [CRITICAL] CWE-287 CVE-2025-37184: A vulnerability exists in an Orchestrator service that could allow an unauthenticated remote attacke A vulnerability exists in an Orchestrator service that could allow an unauthenticated remote attacker to bypass multi-factor authentication requirements. Successful exploitation could allow an attacker to create an admin user account without the necessary multi-factor authentication, thereby compromising the integrity of secured access to the syst
nvd
CVE-2023-37424P3HIGHCVSS 8.1≥ Orchestrator 9.3.x, ≤ <=9.3.0≥ Orchestrator 9.2.x, ≤ <=9.2.5+1 more2023-08-22
CVE-2023-37424 [HIGH] CWE-94 CVE-2023-37424: A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain preconditions outside of the attacker's control are met. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands o
nvd
CVE-2023-37427P3HIGHCVSS 7.2≥ Orchestrator 9.3.x, ≤ <=9.3.0≥ Orchestrator 9.2.x, ≤ <=9.2.5+1 more2023-08-22
CVE-2023-37427 [HIGH] CWE-94 CVE-2023-37427: A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compr
nvd
CVE-2023-37428P3HIGHCVSS 7.2≥ Orchestrator 9.3.x, ≤ <=9.3.0≥ Orchestrator 9.2.x, ≤ <=9.2.5+1 more2023-08-22
CVE-2023-37428 [HIGH] CWE-22 CVE-2023-37428: A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
nvd
CVE-2023-37434P3HIGHCVSS 8.1≥ Orchestrator 9.3.x, ≤ <=9.3.0≥ Orchestrator 9.2.x, ≤ <=9.2.*+1 more2023-08-22
CVE-2023-37434 [HIGH] CWE-89 CVE-2023-37434: Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator co Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potent
nvd
CVE-2023-37432P3HIGHCVSS 8.1≥ Orchestrator 9.3.x, ≤ <=9.3.0≥ Orchestrator 9.2.x, ≤ <=9.2.*+1 more2023-08-22
CVE-2023-37432 [HIGH] CWE-89 CVE-2023-37432: Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator co Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potent
nvd
CVE-2023-37429P3HIGHCVSS 8.1≥ Orchestrator 9.3.x, ≤ <=9.3.0≥ Orchestrator 9.2.x, ≤ <=9.2.*+1 more2023-08-22
CVE-2023-37429 [HIGH] CWE-89 CVE-2023-37429: Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator co Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potent
nvd
CVE-2023-37431P3HIGHCVSS 8.1≥ Orchestrator 9.3.x, ≤ <=9.3.0≥ Orchestrator 9.2.x, ≤ <=9.2.*+1 more2023-08-22
CVE-2023-37431 [HIGH] CWE-89 CVE-2023-37431: Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator co Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potent
nvd
CVE-2023-37430P3HIGHCVSS 8.1≥ Orchestrator 9.3.x, ≤ <=9.3.0≥ Orchestrator 9.2.x, ≤ <=9.2.*+1 more2023-08-22
CVE-2023-37430 [HIGH] CWE-89 CVE-2023-37430: Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator co Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potent
nvd
CVE-2023-37433P3HIGHCVSS 8.1≥ Orchestrator 9.3.x, ≤ <=9.3.0≥ Orchestrator 9.2.x, ≤ <=9.2.*+1 more2023-08-22
CVE-2023-37433 [HIGH] CWE-89 CVE-2023-37433: Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator co Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potent
nvd
CVE-2025-37182P3HIGHCVSS 7.2≥ 9.5.0, ≤ 9.6.0≥ 9.4.0, ≤ 9.4.42026-01-14
CVE-2025-37182 [HIGH] CWE-89 CVE-2025-37182: Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized data access or data manipulation.
nvd
CVE-2025-37183P3HIGHCVSS 7.2≥ 9.5.0, ≤ 9.6.0≥ 9.4.0, ≤ 9.4.42026-01-14
CVE-2025-37183 [HIGH] CWE-89 CVE-2025-37183: Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized data access or data manipulation.
nvd
CVE-2025-37181P3HIGHCVSS 7.2≥ 9.5.0, ≤ 9.6.0≥ 9.4.0, ≤ 9.4.42026-01-14
CVE-2025-37181 [HIGH] CWE-89 CVE-2025-37181: Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized data access or data manipulation.
nvd
CVE-2023-37426P3HIGHCVSS 7.5≥ Orchestrator 9.3.x, ≤ <=9.3.0≥ Orchestrator 9.2.x, ≤ <=9.2.5+1 more2023-08-22
CVE-2023-37426 [HIGH] CWE-798 CVE-2023-37426: EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator host.
nvd
CVE-2023-37436P3MEDIUMCVSS 6.5≥ Orchestrator 9.3.x, ≤ <=9.3.0≥ Orchestrator 9.2.x, ≤ <=9.2.*+1 more2023-08-22
CVE-2023-37436 [MEDIUM] CWE-89 CVE-2023-37436: Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator co Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database pote
nvd
CVE-2023-37435P3MEDIUMCVSS 6.5≥ Orchestrator 9.3.x, ≤ <=9.3.0≥ Orchestrator 9.2.x, ≤ <=9.2.*+1 more2023-08-22
CVE-2023-37435 [MEDIUM] CWE-89 CVE-2023-37435: Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator co Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database pote
nvd
CVE-2023-37438P3MEDIUMCVSS 6.5≥ Orchestrator 9.3.x, ≤ <=9.3.0≥ Orchestrator 9.2.x, ≤ <=9.2.*+1 more2023-08-22
CVE-2023-37438 [MEDIUM] CWE-89 CVE-2023-37438: Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator co Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database pote
nvd
CVE-2023-37437P3MEDIUMCVSS 6.5≥ Orchestrator 9.3.x, ≤ <=9.3.0≥ Orchestrator 9.2.x, ≤ <=9.2.*+1 more2023-08-22
CVE-2023-37437 [MEDIUM] CWE-89 CVE-2023-37437: Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator co Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database pote
nvd
CVE-2023-37439P4MEDIUMCVSS 6.1≥ Orchestrator 9.3.x, ≤ <=9.3.0≥ Orchestrator 9.2.x, ≤ <=9.2.5+1 more2023-08-22
CVE-2023-37439 [MEDIUM] CWE-79 CVE-2023-37439: Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator co Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database pote
nvd
CVE-2023-37440P4MEDIUMCVSS 5.3≥ Orchestrator 9.3.x, ≤ <=9.3.0≥ Orchestrator 9.2.x, ≤ <=9.2.*+1 more2023-08-22
CVE-2023-37440 [MEDIUM] CWE-918 CVE-2023-37440: A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal structure of the EdgeConnect SD-WAN Orchestrator host leading to potential
nvd
Hewlett Packard Enterprise Edgeconnect Sd-Wan Orchestrator vulnerabilities | cvebase