CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23054 – Authenticated Response Manipulation allows Unauthorized Actions in Management Interface
https://notcve.org/view.php?id=CVE-2025-23054
28 Jan 2025 — A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an authenticated low privilege operator user to perform operations not allowed by their privilege level. Successful exploitation could allow an attacker to manipulate user generated files, potentially leading to unauthorized changes in critical system configurations. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04775en_us&docLocale=en_US • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23057 – Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in HPE Aruba Networking Fabric Composer Web Management Interface
https://notcve.org/view.php?id=CVE-2025-23057
28 Jan 2025 — A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04775en_us&docLocale=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23056 – Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in HPE Aruba Networking Fabric Composer Web Management Interface
https://notcve.org/view.php?id=CVE-2025-23056
28 Jan 2025 — A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04775en_us&docLocale=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23055 – Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in HPE Aruba Networking Fabric Composer Web Management Interface
https://notcve.org/view.php?id=CVE-2025-23055
28 Jan 2025 — A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04775en_us&docLocale=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-23052 – Authenticated Command Injection Vulnerability allows Unauthorized Command Execution in CLI Interface
https://notcve.org/view.php?id=CVE-2025-23052
14 Jan 2025 — Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the underlying operating system. Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the underlyin... • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04723en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-23051 – Authenticated Remote Code Execution in AOS Web-based Management Interface
https://notcve.org/view.php?id=CVE-2025-23051
14 Jan 2025 — An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated user to leverage parameter injection to overwrite arbitrary system files. An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated user to leverage parameter injection to overwrite arbi... • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04723en_us&docLocale=en_US • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 3.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-54010 – Unauthenticated Traffic Handling Flaw Allows Packet Leakage on HPE Aruba Networking CX 10000 series switches
https://notcve.org/view.php?id=CVE-2024-54010
08 Jan 2025 — A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against the ICMP and UDP protocol. For this attack to be successful an attacker requires a switch configuration that allows packets routing (at layer 3). Configurations that do not allow network traffic routing are not impacted. Successful exploitation could allow an attacker to bypass security policies, potentially leadi... • https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04772.txt • CWE-863: Incorrect Authorization •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54007 – Authenticated Remote Command Injection Vulnerability in the Web Interface of a 501 Wireless Client Bridge
https://notcve.org/view.php?id=CVE-2024-54007
07 Jan 2025 — Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities result in the ability of an attacker to execute arbitrary commands as a privileged user on the underlying operating system. Exploitation requires administrative authentication credentials on the host system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04763en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54006 – Authenticated Remote Command Injection Vulnerability in the Web Interface of a 501 Wireless Client Bridge
https://notcve.org/view.php?id=CVE-2024-54006
07 Jan 2025 — Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities result in the ability of an attacker to execute arbitrary commands as a privileged user on the underlying operating system. Exploitation requires administrative authentication credentials on the host system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04763en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54009
https://notcve.org/view.php?id=CVE-2024-54009
19 Dec 2024 — Remote authentication bypass vulnerability in HPE Alletra Storage MP B10000 in versions prior to version 10.4.5 could be remotely exploited to allow disclosure of information. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04764en_us&docLocale=en_US • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •