CVE-2023-37431: Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface
First published: Tue Aug 22 2023(Updated: )
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
Credit: security-alert@hpe.com security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arubanetworks Edgeconnect Sd-wan Orchestrator | >=9.0.0<=9.0.5 | |
| Arubanetworks Edgeconnect Sd-wan Orchestrator | >=9.1.0<=9.1.7 | |
| Arubanetworks Edgeconnect Sd-wan Orchestrator | >=9.2.0<=9.2.5 | |
| Arubanetworks Edgeconnect Sd-wan Orchestrator | =9.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-37431?
CVE-2023-37431 is a vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator that allows an authenticated remote attacker to conduct SQL injection attacks.
Is CVE-2023-37431 high severity?
Yes, CVE-2023-37431 has a high severity rating of 8.1.
How does CVE-2023-37431 affect Arubanetworks Edgeconnect Sd-wan Orchestrator?
CVE-2023-37431 affects Arubanetworks Edgeconnect Sd-wan Orchestrator versions 9.0.0 to 9.0.5, 9.1.0 to 9.1.7, 9.2.0 to 9.2.5, and 9.3.0.
What is the Common Weakness Enumeration (CWE) ID for CVE-2023-37431?
The CWE ID for CVE-2023-37431 is CWE-89.
How can I fix CVE-2023-37431?
To fix CVE-2023-37431, it is recommended to update Arubanetworks Edgeconnect Sd-wan Orchestrator to a version that is not affected by the vulnerability.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/title
- agent/severity
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/arubanetworks
- canonical/arubanetworks edgeconnect sd-wan orchestrator
- version/arubanetworks edgeconnect sd-wan orchestrator/9.0.0
- version/arubanetworks edgeconnect sd-wan orchestrator/9.0.5
- version/arubanetworks edgeconnect sd-wan orchestrator/9.1.0
- version/arubanetworks edgeconnect sd-wan orchestrator/9.1.7
- version/arubanetworks edgeconnect sd-wan orchestrator/9.2.0
- version/arubanetworks edgeconnect sd-wan orchestrator/9.2.5
- version/arubanetworks edgeconnect sd-wan orchestrator/9.3.0