Authenticated Server-Side Request Forgery (SSRF) Leading to Information Disclosure
CVE-2023-37440
5.3MEDIUM
What is CVE-2023-37440?
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal   structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information.
Affected Version(s)
EdgeConnect SD-WAN Orchestrator Orchestrator 9.3.x
EdgeConnect SD-WAN Orchestrator Orchestrator 9.3.x
EdgeConnect SD-WAN Orchestrator Orchestrator 9.2.x