Reflective Cross-Site Scripting Vulnerability in Aruba EdgeConnect Enterprise Orchestrator
CVE-2022-43525

6.1MEDIUM

Key Information:

Vendor: HP
Status: Aruba Edgeconnect Enterprise Orchestration Software
Vendor: CVE Published:; 5 January 2023

Summary

A vulnerability exists in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator that enables remote attackers to initiate reflected cross-site scripting (XSS) attacks. By exploiting this flaw, an attacker could execute arbitrary script code in the browser of a user interacting with the affected interface. This vulnerability impacts various versions of the Aruba EdgeConnect Enterprise Orchestrator, including on-premises and service models, potentially allowing for unauthorized actions and data manipulation within the enterprise environment.

Affected Version(s)

Aruba EdgeConnect Enterprise Orchestration Software Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned.

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 5, 2023
Vulnerability Reserved
Oct 20, 2022