First published: Tue Aug 22 2023(Updated: )
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
Credit: security-alert@hpe.com security-alert@hpe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arubanetworks Edgeconnect Sd-wan Orchestrator | >=9.0.0<=9.0.5 | |
Arubanetworks Edgeconnect Sd-wan Orchestrator | >=9.1.0<=9.1.7 | |
Arubanetworks Edgeconnect Sd-wan Orchestrator | >=9.2.0<=9.2.5 | |
Arubanetworks Edgeconnect Sd-wan Orchestrator | =9.3.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2023-37423.
The severity of CVE-2023-37423 is high.
The affected software for CVE-2023-37423 is Arubanetworks Edgeconnect Sd-wan Orchestrator versions 9.0.0 to 9.0.5, 9.1.0 to 9.1.7, 9.2.0 to 9.2.5, and 9.3.0.
The CWE number associated with CVE-2023-37423 is CWE-79.
To fix CVE-2023-37423, it is recommended to apply the latest security patches provided by Arubanetworks for EdgeConnect SD-WAN Orchestrator.