Lucene search

[email protected]CVE-2022-43519

HistoryJan 05, 2023 - 7:15 a.m.

CVE-2022-43519

2023-01-0507:15:10

CWE-89

[email protected]

web.nvd.nist.gov

aruba

edgeconnect

enterprise orchestrator

sql injection

vulnerabilities

information security

remote attack

cve-2022-43519

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.4%

JSON

Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the Aruba EdgeConnect Enterprise Orchestrator host in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned.

Affected configurations

NVD

Node

arubanetworksaruba_edgeconnect_enterprise_orchestratorRange≤8.10.23.40015on-premises

arubanetworksaruba_edgeconnect_enterprise_orchestratorRange9.0.0–9.0.7.40110on-premises

arubanetworksaruba_edgeconnect_enterprise_orchestratorRange9.1.0–9.1.4.40436on-premises

arubanetworksaruba_edgeconnect_enterprise_orchestratorRange9.2.0–9.2.1.40179on-premises

Node

arubanetworksaruba_edgeconnect_enterprise_orchestratorRange≤8.10.23.40015as-a-service

arubanetworksaruba_edgeconnect_enterprise_orchestratorRange9.0.0–9.0.7.40110as-a-service

arubanetworksaruba_edgeconnect_enterprise_orchestratorRange9.1.0–9.1.4.40436as-a-service

arubanetworksaruba_edgeconnect_enterprise_orchestratorRange9.2.0–9.2.1.40179as-a-service

Node

arubanetworksaruba_edgeconnect_enterprise_orchestratorRange≤8.10.23.40015global_enterprise_tenant_orchestrators

arubanetworksaruba_edgeconnect_enterprise_orchestratorRange9.0.0–9.0.7.40110global_enterprise_tenant_orchestrators

arubanetworksaruba_edgeconnect_enterprise_orchestratorRange9.1.0–9.1.4.40436global_enterprise_tenant_orchestrators

arubanetworksaruba_edgeconnect_enterprise_orchestratorRange9.2.0–9.2.1.40179global_enterprise_tenant_orchestrators

Node

arubanetworksaruba_edgeconnect_enterprise_orchestratorRange≤8.10.23.40015sp

arubanetworksaruba_edgeconnect_enterprise_orchestratorRange9.0.0–9.0.7.40110sp

arubanetworksaruba_edgeconnect_enterprise_orchestratorRange9.1.0–9.1.4.40436sp

arubanetworksaruba_edgeconnect_enterprise_orchestratorRange9.2.0–9.2.1.40179sp

CPENameOperatorVersion
arubanetworks:aruba_edgeconnect_enterprise_orchestratorarubanetworks aruba edgeconnect enterprise orchestratorle8.10.23.40015
arubanetworks:aruba_edgeconnect_enterprise_orchestratorarubanetworks aruba edgeconnect enterprise orchestratorle9.0.7.40110
arubanetworks:aruba_edgeconnect_enterprise_orchestratorarubanetworks aruba edgeconnect enterprise orchestratorle9.1.4.40436
arubanetworks:aruba_edgeconnect_enterprise_orchestratorarubanetworks aruba edgeconnect enterprise orchestratorle9.2.1.40179

CPE	Name	Operator	Version
arubanetworks:aruba_edgeconnect_enterprise_orchestrator	arubanetworks aruba edgeconnect enterprise orchestrator	le	8.10.23.40015
arubanetworks:aruba_edgeconnect_enterprise_orchestrator	arubanetworks aruba edgeconnect enterprise orchestrator	le	9.0.7.40110
arubanetworks:aruba_edgeconnect_enterprise_orchestrator	arubanetworks aruba edgeconnect enterprise orchestrator	le	9.1.4.40436
arubanetworks:aruba_edgeconnect_enterprise_orchestrator	arubanetworks aruba edgeconnect enterprise orchestrator	le	9.2.1.40179

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Aruba EdgeConnect Enterprise Orchestration Software",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "status": "affected",
        "version": "Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned."
      }
    ]
  }
]

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-021.txt

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.4%

JSON

Related for CVE-2022-43519

nvd1 cvelist1 prion1