CVE-2023-30510
4.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
Summary
A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance. The impact of this vulnerability is limited to a subset of URLs which can result in the possible disclosure of data due to the network position of the Aruba EdgeConnect Enterprise instance.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software | ECOS 9.2.x.x <= 9.2.3.0 | affected |
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software | ECOS 9.1.x.x <= 9.1.5.0 | affected |
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software | ECOS 9.0.x.x <= 9.0.8.0 | affected |
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software | ECOS 8.x.x.x <= all | affected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.