Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-37429

Опубликовано: 22 авг. 2023
Источник: nvd
CVSS3: 6.5
CVSS3: 8.1
EPSS Низкий

Описание

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*
Версия от 9.0.0 (включая) до 9.0.5 (включая)
cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*
Версия от 9.1.0 (включая) до 9.1.7 (включая)
cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*
Версия от 9.2.0 (включая) до 9.2.5 (включая)
cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 30%
0.00109
Низкий

6.5 Medium

CVSS3

8.1 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

github логотип

GHSA-qcqv-xxvf-w3cv

CVSS3: 6.5
github
больше 2 лет назад

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.

EPSS

Процентиль: 30%
0.00109
Низкий

6.5 Medium

CVSS3

8.1 High

CVSS3

Дефекты

CWE-89