CVE-2023-37435

🗓️ 22 Aug 2023 18:08:21Reported by hpeType

Multiple SQL injection vulnerabilities in EdgeConnect SD-WAN Orchestrator's web interface allow authenticated remote attackers to access and modify sensitive database information

Reporter	Title	Published	Views	Family All 7
CNNVD	Aruba Networks EdgeConnect SD-WAN Orchestrator SQL注入漏洞	22 Aug 202300:00	–	cnnvd
Cvelist	CVE-2023-37435 Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface	22 Aug 202318:08	–	cvelist
EUVD	EUVD-2023-41335	3 Oct 202520:07	–	euvd
NVD	CVE-2023-37435	22 Aug 202319:16	–	nvd
Prion	Sql injection	22 Aug 202319:16	–	prion
Positive Technologies	PT-2023-25964 · Riverbed · Edgeconnect Sd-Wan Orchestrator	22 Aug 202300:00	–	ptsecurity
Vulnrichment	CVE-2023-37435 Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface	22 Aug 202318:08	–	vulnrichment

NVD

Node

arubanetworks edgeconnect_sd-wan_orchestratorRange<9.3.1

[
  {
    "defaultStatus": "affected",
    "product": "EdgeConnect SD-WAN Orchestrator",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "lessThanOrEqual": "<=9.3.0",
        "status": "affected",
        "version": "Orchestrator 9.3.x",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "<=9.2.*",
        "status": "affected",
        "version": "Orchestrator 9.2.x",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "<=9.1.*",
        "status": "affected",
        "version": "Orchestrator 9.1.x",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
arubanetworks	www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt

21 Nov 2024 08:11Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.16.5

EPSS0.00216

SSVC

CWE-89