HpeCVELIST:CVE-2023-37425CVE-2023-37425 Unauthenticated Stored Cross-Site Scripting Vulnerability (XSS) in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface
8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
7.6 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
27.1%
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface.
CNA Affected
[
{
"defaultStatus": "affected",
"product": "EdgeConnect SD-WAN Orchestrator",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "<=9.3.0",
"status": "affected",
"version": "Orchestrator 9.3.x",
"versionType": "semver"
},
{
"lessThanOrEqual": "<=9.2.5",
"status": "affected",
"version": "Orchestrator 9.2.x",
"versionType": "semver"
},
{
"lessThanOrEqual": "<=9.1.7",
"status": "affected",
"version": "Orchestrator 9.1.x",
"versionType": "semver"
}
]
}
]Related
8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
7.6 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
27.1%