449 results (0.003 seconds)

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victims browser in the context of the affected interface. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04672en_us&docLocale=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04672en_us&docLocale=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point. Existe una vulnerabilidad de Denegación de Servicio (DoS) autenticada en CLI Service. La explotación exitosa de esta vulnerabilidad da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt •

CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0

An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles. Se ha identificado una vulnerabilidad autenticada que permite a un atacante establecer de manera efectiva la ejecución de código arbitrario persistente y altamente privilegiado a lo largo de los ciclos de arranque. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt • CWE-863: Incorrect Authorization •

CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0

Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. Existen múltiples vulnerabilidades de inyección de comandos autenticados en la interfaz de línea de comandos. La explotación exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •