cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score CVE-2024-22444,https://securityvulnerability.io/vulnerability/CVE-2024-22444,Reflected Cross-Site Scripting Vulnerability in EdgeConnect SD-WAN Orchestrator Could Lead to Arbitrary Code Execution,A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victims browser in the context of the affected interface.,HP,HP Aruba Networking Edgeconnect Sd-wan Orchestrator,6.1,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-07-24T15:17:18.394Z,0 CVE-2024-22443,https://securityvulnerability.io/vulnerability/CVE-2024-22443,Server-side Prototype Pollution Vulnerability Could Lead to System Compromise,"A vulnerability exists in the web-based management interface of the EdgeConnect SD-WAN Orchestrator, enabling authenticated remote attackers to carry out server-side prototype pollution attacks. Exploiting this flaw can lead to arbitrary command execution on the underlying operating system, potentially resulting in complete system takeover. Organizations using the affected product are urged to assess their exposure and implement necessary security measures to protect their systems.",HP,HP Aruba Networking Edgeconnect Sd-wan Orchestrator,8.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-07-24T15:08:07.150Z,0 CVE-2024-41914,https://securityvulnerability.io/vulnerability/CVE-2024-41914,Stored Cross-Site Scripting (XSS) Vulnerability in EdgeConnect SD-WAN Orchestrator,"A vulnerability exists in the web-based management interface of HPE's EdgeConnect SD-WAN Orchestrator, which can be exploited by an authenticated remote attacker to initiate a stored cross-site scripting (XSS) attack. This flaw allows the execution of arbitrary script code in the browser of an administrative user interacting with the affected interface. The dynamic nature of the web-based interface may allow the attacker to store malicious scripts, which are then executed whenever an administrator accesses the compromised section. Proper security measures and updates are necessary to mitigate this potential risk.",HP,HP Aruba Networking Edgeconnect Sd-wan Orchestrator,9,CRITICAL,0.0005000000237487257,false,false,false,false,,false,false,2024-07-24T14:57:55.556Z,0 CVE-2023-37422,https://securityvulnerability.io/vulnerability/CVE-2023-37422,Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface,"A vulnerability has been identified in the web-based management interface of EdgeConnect SD-WAN Orchestrator, allowing authenticated remote attackers to mount stored cross-site scripting (XSS) attacks. If exploited, this vulnerability can lead to the execution of arbitrary script code in the browser of an administrative user, posing significant security risks. Administrators must ensure proper security measures are in place to mitigate these types of attacks and safeguard the integrity of their web management systems.",HP,Edgeconnect Sd-wan Orchestrator,8.1,HIGH,0.0006099999882280827,false,false,false,false,,false,false,2023-08-22T19:16:00.000Z,0 CVE-2023-37428,https://securityvulnerability.io/vulnerability/CVE-2023-37428,Authenticated Remote Code Execution via Path Traversal in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface,"A vulnerability in the web management interface of the EdgeConnect SD-WAN Orchestrator enables remote authenticated users to execute arbitrary commands on the host operating system. This flaw poses a significant risk as it can result in complete system compromise, granting attackers root access. Immediate action is recommended to mitigate potential threats.",HP,Edgeconnect Sd-wan Orchestrator,7.2,HIGH,0.0013500000350177288,false,false,false,false,,false,false,2023-08-22T19:16:00.000Z,0 CVE-2023-37421,https://securityvulnerability.io/vulnerability/CVE-2023-37421,Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface,Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.,HP,Edgeconnect Sd-wan Orchestrator,5.4,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2023-08-22T19:16:00.000Z,0 CVE-2023-37423,https://securityvulnerability.io/vulnerability/CVE-2023-37423,Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface,"The web-based management interface of EdgeConnect SD-WAN Orchestrator contains vulnerabilities that may allow an authenticated remote attacker to execute a stored cross-site scripting (XSS) attack on an administrative user. When exploited, this vulnerability enables the attacker to run arbitrary script code in the victim's browser, potentially compromising sensitive information or furthering intrusion attempts within the affected environment.",HP,Edgeconnect Sd-wan Orchestrator,8.1,HIGH,0.0006099999882280827,false,false,false,false,,false,false,2023-08-22T19:16:00.000Z,0 CVE-2023-37424,https://securityvulnerability.io/vulnerability/CVE-2023-37424,Unauthenticated Remote Code Execution in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface,"The web-based management interface of Aruba Networks' EdgeConnect SD-WAN Orchestrator contains a vulnerability that enables an unauthenticated attacker to execute arbitrary commands on the underlying operating system. This may occur if specific preconditions are met that are beyond the attacker's control. Successful exploitation could lead to significant security breaches, including full system compromise, making it essential for organizations to promptly patch this vulnerability.",HP,Edgeconnect Sd-wan Orchestrator,8.1,HIGH,0.0019000000320374966,false,false,false,false,,false,false,2023-08-22T19:16:00.000Z,0 CVE-2023-37425,https://securityvulnerability.io/vulnerability/CVE-2023-37425,Unauthenticated Stored Cross-Site Scripting Vulnerability (XSS) in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface,"A vulnerability exists in the web-based management interface of EdgeConnect SD-WAN Orchestrator that permits an unauthenticated remote attacker to execute stored cross-site scripting (XSS) attacks. This security flaw can enable the execution of arbitrary script code in the context of an administrative user's browser session, posing a significant security risk to the affected interface.",HP,Edgeconnect Sd-wan Orchestrator,8,HIGH,0.0011699999449774623,false,false,false,false,,false,false,2023-08-22T19:16:00.000Z,0 CVE-2023-37426,https://securityvulnerability.io/vulnerability/CVE-2023-37426,Shared SSH Static Host Keys in EdgeConnect SD-WAN Orchestrator,"Instances of Aruba EdgeConnect SD-WAN Orchestrator prior to the resolutions provided in the advisory were found to utilize shared static SSH host keys across all installations. This vulnerability presents an opportunity for attackers to spoof the SSH host signature, allowing them to pose as a legitimate Orchestrator host and potentially gain unauthorized access.",HP,Edgeconnect Sd-wan Orchestrator,7.4,HIGH,0.0006399999838322401,false,false,false,false,,false,false,2023-08-22T19:16:00.000Z,0 CVE-2023-37429,https://securityvulnerability.io/vulnerability/CVE-2023-37429,Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface,"Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. ",HP,Edgeconnect Sd-wan Orchestrator,6.5,MEDIUM,0.0007399999885819852,false,false,false,false,,false,false,2023-08-22T19:16:00.000Z,0 CVE-2023-37430,https://securityvulnerability.io/vulnerability/CVE-2023-37430,Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface,"Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. ",HP,Edgeconnect Sd-wan Orchestrator,6.5,MEDIUM,0.0007399999885819852,false,false,false,false,,false,false,2023-08-22T19:16:00.000Z,0 CVE-2023-37432,https://securityvulnerability.io/vulnerability/CVE-2023-37432,Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface,"Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. ",HP,Edgeconnect Sd-wan Orchestrator,6.5,MEDIUM,0.0007399999885819852,false,false,false,false,,false,false,2023-08-22T19:16:00.000Z,0 CVE-2023-37433,https://securityvulnerability.io/vulnerability/CVE-2023-37433,Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface,"Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. ",HP,Edgeconnect Sd-wan Orchestrator,6.5,MEDIUM,0.0007399999885819852,false,false,false,false,,false,false,2023-08-22T19:16:00.000Z,0 CVE-2023-37434,https://securityvulnerability.io/vulnerability/CVE-2023-37434,Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface,"Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. ",HP,Edgeconnect Sd-wan Orchestrator,6.5,MEDIUM,0.0007399999885819852,false,false,false,false,,false,false,2023-08-22T19:16:00.000Z,0 CVE-2023-37435,https://securityvulnerability.io/vulnerability/CVE-2023-37435,Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface,"Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. ",HP,Edgeconnect Sd-wan Orchestrator,6.5,MEDIUM,0.0006600000197067857,false,false,false,false,,false,false,2023-08-22T19:16:00.000Z,0 CVE-2023-37436,https://securityvulnerability.io/vulnerability/CVE-2023-37436,Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface,"Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. ",HP,Edgeconnect Sd-wan Orchestrator,6.5,MEDIUM,0.0006600000197067857,false,false,false,false,,false,false,2023-08-22T19:16:00.000Z,0 CVE-2023-37438,https://securityvulnerability.io/vulnerability/CVE-2023-37438,Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface,"Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. ",HP,Edgeconnect Sd-wan Orchestrator,6.5,MEDIUM,0.0006600000197067857,false,false,false,false,,false,false,2023-08-22T19:16:00.000Z,0 CVE-2023-37439,https://securityvulnerability.io/vulnerability/CVE-2023-37439,Reflected Cross Site Scripting in EdgeConnect SD-WAN Orchestrator Web Management Interface,"Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. ",HP,Edgeconnect Sd-wan Orchestrator,6.1,MEDIUM,0.0007600000244565308,false,false,false,false,,false,false,2023-08-22T19:16:00.000Z,0 CVE-2023-37440,https://securityvulnerability.io/vulnerability/CVE-2023-37440,Authenticated Server-Side Request Forgery (SSRF) Leading to Information Disclosure,"A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal     structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information. ",HP,Edgeconnect Sd-wan Orchestrator,5.3,MEDIUM,0.0011099999537691474,false,false,false,false,,false,false,2023-08-22T19:16:00.000Z,0 CVE-2023-37427,https://securityvulnerability.io/vulnerability/CVE-2023-37427,Authenticated Remote Code Execution in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface,A security flaw in the web-based management interface of EdgeConnect SD-WAN Orchestrator allows authenticated remote attackers to execute arbitrary commands on the host system. This could potentially compromise the entire system by enabling full root access to the underlying operating system.,HP,Edgeconnect Sd-wan Orchestrator,7.2,HIGH,0.0017999999690800905,false,false,false,false,,false,false,2023-08-22T19:16:00.000Z,0 CVE-2023-37431,https://securityvulnerability.io/vulnerability/CVE-2023-37431,Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface,"Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. ",HP,Edgeconnect Sd-wan Orchestrator,6.5,MEDIUM,0.0007399999885819852,false,false,false,false,,false,false,2023-08-22T19:16:00.000Z,0 CVE-2023-37437,https://securityvulnerability.io/vulnerability/CVE-2023-37437,Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface,"Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. ",HP,Edgeconnect Sd-wan Orchestrator,6.5,MEDIUM,0.0006600000197067857,false,false,false,false,,false,false,2023-08-22T19:16:00.000Z,0