Reflected XSS Vulnerabilities in Aruba EdgeConnect Enterprise Orchestrator
CVE-2022-43527
What is CVE-2022-43527?
The web-based management interface of Aruba EdgeConnect Enterprise Orchestrator has multiple vulnerabilities that could enable remote attackers to perform reflected cross-site scripting (XSS) attacks. By exploiting these vulnerabilities, attackers can execute arbitrary script code within the user's browser. This poses significant risks as it could allow attackers to manipulate user interactions or extract sensitive data through the compromised interface.
Affected Version(s)
Aruba EdgeConnect Enterprise Orchestration Software Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned.