cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-30501,https://securityvulnerability.io/vulnerability/CVE-2023-30501,Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface,"Aruba EdgeConnect Enterprise contains vulnerabilities in its command line interface that enable remote authenticated users to execute arbitrary commands on the underlying host system. This exploitation could result in complete control over the operating system, posing a significant risk to the integrity and security of affected environments. Organizations using the affected versions should implement immediate security measures to mitigate potential threats.",HP (HP),Aruba Edgeconnect Enterprise Software,7.2,HIGH,0.0011599999852478504,false,,false,false,false,,,false,false,,2023-05-16T19:15:00.000Z,0
CVE-2023-30502,https://securityvulnerability.io/vulnerability/CVE-2023-30502,Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface,"The Aruba EdgeConnect Enterprise command line interface contains vulnerabilities that permit remote authenticated users to execute arbitrary commands on the underlying host system. This flaw could lead to a complete system compromise, allowing unauthorized access and control over sensitive data and resources within the network.",HP (HP),Aruba Edgeconnect Enterprise Software,7.2,HIGH,0.0011599999852478504,false,,false,false,false,,,false,false,,2023-05-16T19:15:00.000Z,0
CVE-2023-30503,https://securityvulnerability.io/vulnerability/CVE-2023-30503,Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface,"The Aruba EdgeConnect Enterprise command line interface is vulnerable to command injection, allowing remote authenticated users to execute arbitrary commands on the underlying host system. When exploited, this vulnerability permits attackers to gain root access, potentially leading to a full compromise of the system. This poses significant risks to the integrity and availability of the affected systems, requiring immediate attention and remediation.",HP (HP),Aruba Edgeconnect Enterprise Software,7.2,HIGH,0.0011599999852478504,false,,false,false,false,,,false,false,,2023-05-16T19:15:00.000Z,0
CVE-2023-30504,https://securityvulnerability.io/vulnerability/CVE-2023-30504,Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface,"The Aruba EdgeConnect Enterprise platform contains vulnerabilities within its command line interface, permitting remote authenticated users to execute arbitrary commands on the host system. This exploitation allows attackers to gain root access, potentially leading to a full compromise of the operating system. It is crucial for users of the affected product to apply the latest security patches to mitigate these risks.",HP (HP),Aruba Edgeconnect Enterprise Software,7.2,HIGH,0.0011599999852478504,false,,false,false,false,,,false,false,,2023-05-16T19:15:00.000Z,0
CVE-2023-30506,https://securityvulnerability.io/vulnerability/CVE-2023-30506,Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface,"A command injection vulnerability exists in the command line interface of Aruba EdgeConnect Enterprise. This flaw enables remote authenticated users to execute arbitrary commands on the underlying operating system, leading to potential full system compromise. The vulnerability can be exploited by leveraging the command execution capabilities within the system, posing a significant risk to all operational environments utilizing the affected product.",HP (HP),Aruba Edgeconnect Enterprise Software,8.8,HIGH,0.0011599999852478504,false,,false,false,false,,,false,false,,2023-05-16T19:15:00.000Z,0
CVE-2023-30507,https://securityvulnerability.io/vulnerability/CVE-2023-30507,Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface,"Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.",HP (HP),Aruba Edgeconnect Enterprise Software,6.5,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2023-05-16T19:15:00.000Z,0
CVE-2023-30510,https://securityvulnerability.io/vulnerability/CVE-2023-30510,Authenticated Server-side Request Forgery in Aruba EdgeConnect Enterprise Web Management Interface,A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance. The impact of this vulnerability is limited to a subset of URLs which can result in the possible disclosure of data due to the network position of the Aruba EdgeConnect Enterprise instance.,HP (HP),Aruba Edgeconnect Enterprise Software,4.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2023-05-16T19:15:00.000Z,0
CVE-2023-30508,https://securityvulnerability.io/vulnerability/CVE-2023-30508,Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface,"Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.",HP (HP),Aruba Edgeconnect Enterprise Software,6.5,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2023-05-16T19:15:00.000Z,0
CVE-2023-30509,https://securityvulnerability.io/vulnerability/CVE-2023-30509,Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface,"Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.",HP (HP),Aruba Edgeconnect Enterprise Software,6.5,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2023-05-16T19:15:00.000Z,0
CVE-2023-30505,https://securityvulnerability.io/vulnerability/CVE-2023-30505,Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface,"A vulnerability in the command line interface of Aruba EdgeConnect Enterprise allows remote authenticated users to execute arbitrary commands on the host system. This exploit can lead to full system compromise, enabling attackers to gain root access on the operating system. Organizations using affected versions of Aruba EdgeConnect Enterprise should review their security measures to prevent unauthorized access and mitigate potential risks.",HP (HP),Aruba Edgeconnect Enterprise Software,7.2,HIGH,0.0011599999852478504,false,,false,false,false,,,false,false,,2023-05-16T19:15:00.000Z,0
CVE-2022-43527,https://securityvulnerability.io/vulnerability/CVE-2022-43527,Reflected XSS Vulnerabilities in Aruba EdgeConnect Enterprise Orchestrator,"The web-based management interface of Aruba EdgeConnect Enterprise Orchestrator has multiple vulnerabilities that could enable remote attackers to perform reflected cross-site scripting (XSS) attacks. By exploiting these vulnerabilities, attackers can execute arbitrary script code within the user's browser. This poses significant risks as it could allow attackers to manipulate user interactions or extract sensitive data through the compromised interface.",HP,Aruba Edgeconnect Enterprise Orchestration Software,6.1,MEDIUM,0.0010400000028312206,false,,false,false,false,,,false,false,,2023-01-05T07:15:00.000Z,0
CVE-2022-43520,https://securityvulnerability.io/vulnerability/CVE-2022-43520,SQL Injection Vulnerabilities in Aruba EdgeConnect Enterprise Orchestrator,"Multiple vulnerabilities exist within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator. These vulnerabilities enable an authenticated remote attacker to exploit SQL injection flaws, allowing unauthorized access to sensitive data within the underlying database. Successful exploitation could lead to data manipulation and the potential for complete compromise of Aruba EdgeConnect Enterprise Orchestrator instances across various versions, affecting the overall integrity and security of the system.",HP,Aruba Edgeconnect Enterprise Orchestration Software,8.8,HIGH,0.0009899999713525176,false,,false,false,false,,,false,false,,2023-01-05T07:15:00.000Z,0
CVE-2022-43523,https://securityvulnerability.io/vulnerability/CVE-2022-43523,SQL Injection Vulnerability in Aruba EdgeConnect Enterprise Orchestrator,"The web-based management interface of Aruba EdgeConnect Enterprise Orchestrator is susceptible to multiple SQL injection vulnerabilities. An authenticated remote attacker can exploit these weaknesses to perform SQL injection attacks on the system, potentially gaining access to sensitive information stored within the database. These vulnerabilities may allow the attacker to modify or retrieve confidential data, ultimately leading to a complete system compromise of the Aruba EdgeConnect Enterprise Orchestrator. This affects various versions of the Orchestrator software including on-premises and as-a-Service deployments.",HP,Aruba Edgeconnect Enterprise Orchestration Software,8.8,HIGH,0.0009899999713525176,false,,false,false,false,,,false,false,,2023-01-05T07:15:00.000Z,0
CVE-2022-43528,https://securityvulnerability.io/vulnerability/CVE-2022-43528,Multi-Factor Authentication Bypass in Aruba EdgeConnect Enterprise Orchestrator,"Under specific configurations, an attacker may gain unauthorized access to the Aruba EdgeConnect Enterprise Orchestrator by circumventing the multi-factor authentication (MFA) mechanism. This allows for login using only a valid username and password. The vulnerability affects multiple versions of the Orchestrator, including both on-premises and as-a-service deployments, potentially placing sensitive data and network security at risk.",HP,Aruba Edgeconnect Enterprise Orchestration Software,4.8,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2023-01-05T07:15:00.000Z,0
CVE-2022-43529,https://securityvulnerability.io/vulnerability/CVE-2022-43529,Session Persistence Vulnerability in Aruba EdgeConnect Enterprise Orchestrator,"A vulnerability exists within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator, allowing an authenticated remote attacker to maintain an active session even after a password reset or similar event intended to invalidate their session. This could potentially enable unauthorized access to the system with the same permissions granted during the active session, posing significant security implications for affected versions of the product.",HP,Aruba Edgeconnect Enterprise Orchestration Software,4.6,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2023-01-05T07:15:00.000Z,0
CVE-2022-43521,https://securityvulnerability.io/vulnerability/CVE-2022-43521,SQL Injection Vulnerability in Aruba EdgeConnect Enterprise Orchestrator by Aruba Networks,"Multiple vulnerabilities exist in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator that could be exploited by an authenticated remote attacker to perform SQL injection attacks. This exploitation could allow an attacker to access and alter sensitive information in the application's underlying database. The severity of these vulnerabilities could lead to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator instance, impacting the security and integrity of the entire orchestration system.",HP,Aruba Edgeconnect Enterprise Orchestration Software,8.8,HIGH,0.0009899999713525176,false,,false,false,false,,,false,false,,2023-01-05T07:15:00.000Z,0
CVE-2022-43522,https://securityvulnerability.io/vulnerability/CVE-2022-43522,SQL Injection Vulnerabilities in Aruba EdgeConnect Enterprise Orchestrator,"Multiple vulnerabilities have been identified in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator. These vulnerabilities could allow an authenticated remote attacker to execute SQL injection attacks against the system, giving them the ability to access and modify sensitive information stored in the underlying database. Such exploits could potentially lead to a complete compromise of the affected Aruba EdgeConnect Enterprise Orchestrator instances. Users must ensure their installations are updated to the latest recommended versions to mitigate these risks.",HP,Aruba Edgeconnect Enterprise Orchestration Software,8.8,HIGH,0.0009899999713525176,false,,false,false,false,,,false,false,,2023-01-05T07:15:00.000Z,0
CVE-2022-44535,https://securityvulnerability.io/vulnerability/CVE-2022-44535,Privilege Escalation in Aruba EdgeConnect Enterprise Orchestrator Management Interface,"A security flaw in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator enables authenticated low-privileged users to escalate their privileges to that of an administrative user. This privilege escalation could allow attackers to gain complete control over the system, potentially leading to severe misconfigurations or data exposure. The affected versions include Aruba EdgeConnect Enterprise Orchestrator 9.2.1.40179 and below, 9.1.4.40436 and below, 9.0.7.40110 and below, 8.10.23.40015 and below, and any earlier branches not explicitly listed.",HP,Aruba Edgeconnect Enterprise Orchestration Software,8.8,HIGH,0.002409999957308173,false,,false,false,false,,,false,false,,2023-01-05T07:15:00.000Z,0
CVE-2022-43524,https://securityvulnerability.io/vulnerability/CVE-2022-43524,Stored Cross-Site Scripting Vulnerability in Aruba EdgeConnect Enterprise Orchestrator,"A vulnerability exists in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator that enables an authenticated remote attacker to perform a stored cross-site scripting (XSS) attack. By exploiting this vulnerability, the attacker can execute arbitrary scripts in the browser of an administrative user, essentially compromising their session and potentially leading to further unauthorized actions within the system. This vulnerability affects multiple versions of Aruba EdgeConnect Enterprise Orchestrator, including both on-premises instances and various as-a-service offerings.",HP,Aruba Edgeconnect Enterprise Orchestration Software,8.7,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2023-01-05T07:15:00.000Z,0
CVE-2022-43525,https://securityvulnerability.io/vulnerability/CVE-2022-43525,Reflective Cross-Site Scripting Vulnerability in Aruba EdgeConnect Enterprise Orchestrator,"A vulnerability exists in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator that enables remote attackers to initiate reflected cross-site scripting (XSS) attacks. By exploiting this flaw, an attacker could execute arbitrary script code in the browser of a user interacting with the affected interface. This vulnerability impacts various versions of the Aruba EdgeConnect Enterprise Orchestrator, including on-premises and service models, potentially allowing for unauthorized actions and data manipulation within the enterprise environment.",HP,Aruba Edgeconnect Enterprise Orchestration Software,6.1,MEDIUM,0.0010400000028312206,false,,false,false,false,,,false,false,,2023-01-05T07:15:00.000Z,0
CVE-2022-43519,https://securityvulnerability.io/vulnerability/CVE-2022-43519,SQL Injection Vulnerabilities in Aruba EdgeConnect Enterprise Orchestrator,"Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator allow authenticated remote attackers to exploit SQL injection flaws. By leveraging these vulnerabilities, attackers can gain unauthorized access to sensitive information within the database, enabling them to potentially manipulate data and achieve full compromise of the Orchestrator instance. This affects various versions of Aruba EdgeConnect Enterprise Orchestrator, both on-premises and as a service, posing a significant risk to organizational security.",HP,Aruba Edgeconnect Enterprise Orchestration Software,8.8,HIGH,0.0009899999713525176,false,,false,false,false,,,false,false,,2023-01-05T07:15:00.000Z,0
CVE-2022-44534,https://securityvulnerability.io/vulnerability/CVE-2022-44534,Aruba EdgeConnect Enterprise Orchestrator Vulnerability in Web Management Interface,"A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator's web-based management interface permits remote authenticated users to execute arbitrary commands on the host system. If exploited, this flaw can grant attackers root-level access to the underlying operating system, resulting in a total compromise of the affected systems. The issue impacts various versions of Aruba EdgeConnect Enterprise Orchestrator, emphasizing the urgent need for users to update to the latest versions to mitigate this risk.",HP,Aruba Edgeconnect Enterprise Orchestration Software,7.2,HIGH,0.0014299999456852674,false,,false,false,false,,,false,false,,2023-01-03T19:47:01.504Z,0
CVE-2022-43526,https://securityvulnerability.io/vulnerability/CVE-2022-43526,Reflected Cross-Site Scripting Vulnerability in Aruba EdgeConnect Enterprise Orchestrator,"The web-based management interface of Aruba EdgeConnect Enterprise Orchestrator contains vulnerabilities that enable remote attackers to execute reflected cross-site scripting (XSS) attacks. By exploiting these vulnerabilities, an attacker can inject and execute arbitrary script code in the browsers of users interacting with the affected interface, potentially compromising the confidentiality and integrity of user data and session information.",HP,Aruba Edgeconnect Enterprise Orchestration Software,6.1,MEDIUM,0.0010400000028312206,false,,false,false,false,,,false,false,,2023-01-03T19:34:18.122Z,0
CVE-2022-37924,https://securityvulnerability.io/vulnerability/CVE-2022-37924,Command Injection Vulnerability in Aruba EdgeConnect Enterprise by Aruba Networks,"Aruba EdgeConnect Enterprise has a vulnerability in its command line interface that permits remote authenticated users to execute arbitrary commands on the underlying host. This flaw can enable attackers to run commands with root privileges on the operating system, resulting in a full system compromise if successfully exploited. Affected versions include ECOS 9.2.1.0 and earlier, ECOS 9.1.3.0 and earlier, ECOS 9.0.7.0 and earlier, and ECOS 8.3.7.1 and earlier.",HP,Aruba Edgeconnect Enterprise Software,7.2,HIGH,0.001560000004246831,false,,false,false,false,,,false,false,,2022-12-12T13:15:00.000Z,0
CVE-2022-37925,https://securityvulnerability.io/vulnerability/CVE-2022-37925,Reflected Cross-Site Scripting Vulnerability in Aruba EdgeConnect Enterprise,"A security vulnerability exists in the web-based management interface of Aruba EdgeConnect Enterprise that may allow a remote attacker to exploit reflected cross-site scripting (XSS). By manipulating the interface, an attacker can execute arbitrary script code within a user's browser, posing significant risks to data integrity and user security. The affected versions include ECOS 9.2.1.0 and earlier, 9.1.3.0 and earlier, 9.0.7.0 and earlier, and 8.3.7.1 and earlier. Immediate action should be taken to mitigate these risks.",HP,Aruba Edgeconnect Enterprise Software,6.1,MEDIUM,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-12-12T13:15:00.000Z,0