Reflected Cross-Site Scripting Vulnerability in Aruba EdgeConnect Enterprise Orchestrator
CVE-2022-43526

6.1MEDIUM

Key Information:

Vendor: HP
Status: Aruba Edgeconnect Enterprise Orchestration Software
Vendor: CVE Published:; 3 January 2023

Summary

The web-based management interface of Aruba EdgeConnect Enterprise Orchestrator contains vulnerabilities that enable remote attackers to execute reflected cross-site scripting (XSS) attacks. By exploiting these vulnerabilities, an attacker can inject and execute arbitrary script code in the browsers of users interacting with the affected interface, potentially compromising the confidentiality and integrity of user data and session information.

Affected Version(s)

Aruba EdgeConnect Enterprise Orchestration Software Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned.

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 3, 2023
Vulnerability Reserved
Oct 20, 2022