cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-44535,https://securityvulnerability.io/vulnerability/CVE-2022-44535,Privilege Escalation in Aruba EdgeConnect Enterprise Orchestrator Management Interface,"A security flaw in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator enables authenticated low-privileged users to escalate their privileges to that of an administrative user. This privilege escalation could allow attackers to gain complete control over the system, potentially leading to severe misconfigurations or data exposure. The affected versions include Aruba EdgeConnect Enterprise Orchestrator 9.2.1.40179 and below, 9.1.4.40436 and below, 9.0.7.40110 and below, 8.10.23.40015 and below, and any earlier branches not explicitly listed.",HP,Aruba Edgeconnect Enterprise Orchestration Software,8.8,HIGH,0.002409999957308173,false,,false,false,false,,,false,false,,2023-01-05T07:15:00.000Z,0
CVE-2022-43522,https://securityvulnerability.io/vulnerability/CVE-2022-43522,SQL Injection Vulnerabilities in Aruba EdgeConnect Enterprise Orchestrator,"Multiple vulnerabilities have been identified in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator. These vulnerabilities could allow an authenticated remote attacker to execute SQL injection attacks against the system, giving them the ability to access and modify sensitive information stored in the underlying database. Such exploits could potentially lead to a complete compromise of the affected Aruba EdgeConnect Enterprise Orchestrator instances. Users must ensure their installations are updated to the latest recommended versions to mitigate these risks.",HP,Aruba Edgeconnect Enterprise Orchestration Software,8.8,HIGH,0.0009899999713525176,false,,false,false,false,,,false,false,,2023-01-05T07:15:00.000Z,0
CVE-2022-43524,https://securityvulnerability.io/vulnerability/CVE-2022-43524,Stored Cross-Site Scripting Vulnerability in Aruba EdgeConnect Enterprise Orchestrator,"A vulnerability exists in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator that enables an authenticated remote attacker to perform a stored cross-site scripting (XSS) attack. By exploiting this vulnerability, the attacker can execute arbitrary scripts in the browser of an administrative user, essentially compromising their session and potentially leading to further unauthorized actions within the system. This vulnerability affects multiple versions of Aruba EdgeConnect Enterprise Orchestrator, including both on-premises instances and various as-a-service offerings.",HP,Aruba Edgeconnect Enterprise Orchestration Software,8.7,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2023-01-05T07:15:00.000Z,0
CVE-2022-43525,https://securityvulnerability.io/vulnerability/CVE-2022-43525,Reflective Cross-Site Scripting Vulnerability in Aruba EdgeConnect Enterprise Orchestrator,"A vulnerability exists in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator that enables remote attackers to initiate reflected cross-site scripting (XSS) attacks. By exploiting this flaw, an attacker could execute arbitrary script code in the browser of a user interacting with the affected interface. This vulnerability impacts various versions of the Aruba EdgeConnect Enterprise Orchestrator, including on-premises and service models, potentially allowing for unauthorized actions and data manipulation within the enterprise environment.",HP,Aruba Edgeconnect Enterprise Orchestration Software,6.1,MEDIUM,0.0010400000028312206,false,,false,false,false,,,false,false,,2023-01-05T07:15:00.000Z,0
CVE-2022-43529,https://securityvulnerability.io/vulnerability/CVE-2022-43529,Session Persistence Vulnerability in Aruba EdgeConnect Enterprise Orchestrator,"A vulnerability exists within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator, allowing an authenticated remote attacker to maintain an active session even after a password reset or similar event intended to invalidate their session. This could potentially enable unauthorized access to the system with the same permissions granted during the active session, posing significant security implications for affected versions of the product.",HP,Aruba Edgeconnect Enterprise Orchestration Software,4.6,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2023-01-05T07:15:00.000Z,0
CVE-2022-43521,https://securityvulnerability.io/vulnerability/CVE-2022-43521,SQL Injection Vulnerability in Aruba EdgeConnect Enterprise Orchestrator by Aruba Networks,"Multiple vulnerabilities exist in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator that could be exploited by an authenticated remote attacker to perform SQL injection attacks. This exploitation could allow an attacker to access and alter sensitive information in the application's underlying database. The severity of these vulnerabilities could lead to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator instance, impacting the security and integrity of the entire orchestration system.",HP,Aruba Edgeconnect Enterprise Orchestration Software,8.8,HIGH,0.0009899999713525176,false,,false,false,false,,,false,false,,2023-01-05T07:15:00.000Z,0
CVE-2022-43527,https://securityvulnerability.io/vulnerability/CVE-2022-43527,Reflected XSS Vulnerabilities in Aruba EdgeConnect Enterprise Orchestrator,"The web-based management interface of Aruba EdgeConnect Enterprise Orchestrator has multiple vulnerabilities that could enable remote attackers to perform reflected cross-site scripting (XSS) attacks. By exploiting these vulnerabilities, attackers can execute arbitrary script code within the user's browser. This poses significant risks as it could allow attackers to manipulate user interactions or extract sensitive data through the compromised interface.",HP,Aruba Edgeconnect Enterprise Orchestration Software,6.1,MEDIUM,0.0010400000028312206,false,,false,false,false,,,false,false,,2023-01-05T07:15:00.000Z,0
CVE-2022-43519,https://securityvulnerability.io/vulnerability/CVE-2022-43519,SQL Injection Vulnerabilities in Aruba EdgeConnect Enterprise Orchestrator,"Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator allow authenticated remote attackers to exploit SQL injection flaws. By leveraging these vulnerabilities, attackers can gain unauthorized access to sensitive information within the database, enabling them to potentially manipulate data and achieve full compromise of the Orchestrator instance. This affects various versions of Aruba EdgeConnect Enterprise Orchestrator, both on-premises and as a service, posing a significant risk to organizational security.",HP,Aruba Edgeconnect Enterprise Orchestration Software,8.8,HIGH,0.0009899999713525176,false,,false,false,false,,,false,false,,2023-01-05T07:15:00.000Z,0
CVE-2022-43520,https://securityvulnerability.io/vulnerability/CVE-2022-43520,SQL Injection Vulnerabilities in Aruba EdgeConnect Enterprise Orchestrator,"Multiple vulnerabilities exist within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator. These vulnerabilities enable an authenticated remote attacker to exploit SQL injection flaws, allowing unauthorized access to sensitive data within the underlying database. Successful exploitation could lead to data manipulation and the potential for complete compromise of Aruba EdgeConnect Enterprise Orchestrator instances across various versions, affecting the overall integrity and security of the system.",HP,Aruba Edgeconnect Enterprise Orchestration Software,8.8,HIGH,0.0009899999713525176,false,,false,false,false,,,false,false,,2023-01-05T07:15:00.000Z,0
CVE-2022-43523,https://securityvulnerability.io/vulnerability/CVE-2022-43523,SQL Injection Vulnerability in Aruba EdgeConnect Enterprise Orchestrator,"The web-based management interface of Aruba EdgeConnect Enterprise Orchestrator is susceptible to multiple SQL injection vulnerabilities. An authenticated remote attacker can exploit these weaknesses to perform SQL injection attacks on the system, potentially gaining access to sensitive information stored within the database. These vulnerabilities may allow the attacker to modify or retrieve confidential data, ultimately leading to a complete system compromise of the Aruba EdgeConnect Enterprise Orchestrator. This affects various versions of the Orchestrator software including on-premises and as-a-Service deployments.",HP,Aruba Edgeconnect Enterprise Orchestration Software,8.8,HIGH,0.0009899999713525176,false,,false,false,false,,,false,false,,2023-01-05T07:15:00.000Z,0
CVE-2022-43528,https://securityvulnerability.io/vulnerability/CVE-2022-43528,Multi-Factor Authentication Bypass in Aruba EdgeConnect Enterprise Orchestrator,"Under specific configurations, an attacker may gain unauthorized access to the Aruba EdgeConnect Enterprise Orchestrator by circumventing the multi-factor authentication (MFA) mechanism. This allows for login using only a valid username and password. The vulnerability affects multiple versions of the Orchestrator, including both on-premises and as-a-service deployments, potentially placing sensitive data and network security at risk.",HP,Aruba Edgeconnect Enterprise Orchestration Software,4.8,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2023-01-05T07:15:00.000Z,0
CVE-2022-44534,https://securityvulnerability.io/vulnerability/CVE-2022-44534,Aruba EdgeConnect Enterprise Orchestrator Vulnerability in Web Management Interface,"A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator's web-based management interface permits remote authenticated users to execute arbitrary commands on the host system. If exploited, this flaw can grant attackers root-level access to the underlying operating system, resulting in a total compromise of the affected systems. The issue impacts various versions of Aruba EdgeConnect Enterprise Orchestrator, emphasizing the urgent need for users to update to the latest versions to mitigate this risk.",HP,Aruba Edgeconnect Enterprise Orchestration Software,7.2,HIGH,0.0014299999456852674,false,,false,false,false,,,false,false,,2023-01-03T19:47:01.504Z,0
CVE-2022-43526,https://securityvulnerability.io/vulnerability/CVE-2022-43526,Reflected Cross-Site Scripting Vulnerability in Aruba EdgeConnect Enterprise Orchestrator,"The web-based management interface of Aruba EdgeConnect Enterprise Orchestrator contains vulnerabilities that enable remote attackers to execute reflected cross-site scripting (XSS) attacks. By exploiting these vulnerabilities, an attacker can inject and execute arbitrary script code in the browsers of users interacting with the affected interface, potentially compromising the confidentiality and integrity of user data and session information.",HP,Aruba Edgeconnect Enterprise Orchestration Software,6.1,MEDIUM,0.0010400000028312206,false,,false,false,false,,,false,false,,2023-01-03T19:34:18.122Z,0