CVE-2023-43507 Authenticated SQL Injection Vulnerability in ClearPass Policy Manager Web-based Management Interface

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in...

CVE-2023-43507

CVE-2023-43507 affects Aruba Networks ClearPass Policy Manager web-based management interface. Affected: authenticated user can trigger SQL injection via the web UI, potentially leaking or modifying data and risking complete cluster compromise. Documents confirm the vulnerability and its impact; ...

CVE-2023-4896

A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices...

CVE-2023-20263

CVE-2023-20263 affects Cisco HyperFlex HX Data Platform, specifically the web-based management interface. The issue arises from improper input validation of HTTP request parameters, enabling an unauthenticated, remote attacker to persuade a user to click a crafted link and potentially redirect th...

CVE-2023-3705

The vulnerability exists in CP-Plus NVR due to an improper input handling at the web-based management interface of the affected product. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation...

CVE-2023-3705

CVE-2023-3705 affects CP-Plus NVR and is caused by improper input handling in the web-based management interface. An unauthenticated remote attacker can send specially crafted HTTP requests to the vulnerable device, potentially exposing sensitive information. The vulnerability is rated HIGH (CVSS...

CVE-2023-3704

CVE-2023-3704 affects CP-Plus DVR; vulnerability stems from improper input validation in the web-based management interface. An unauthenticated remote attacker can trigger the issue by sending specially crafted HTTP requests to the affected device, potentially allowing the attacker to change the ...

CVE-2023-37438

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...

CVE-2023-37431

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...

CVE-2023-37429

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...

CVE-2023-37422

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attack against an administrative user of the interface. A successful exploit allows an attacker to execute...

Sql injection

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...

CVE-2023-37440

CVE-2023-37440 affects Aruba Networks EdgeConnect SD-WAN Orchestrator (web-based management interface). The vulnerability is a Server-Side Request Forgery (SSRF) that could allow an unauthenticated remote attacker to enumerate internal host information and potentially disclose sensitive data. The...

CVE-2023-37439

CVE-2023-37439 describes SQL injection vulnerabilities in the EdgeConnect SD-WAN Orchestrator web management interface. The issue permits an authenticated remote attacker to exploit SQL injection to obtain and modify data in the underlying database, potentially leading to exposure and corruption ...

CVE-2023-37438 Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...

CVE-2023-37438

CVE-2023-37438 involves multiple SQL injection vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator. An authenticated remote attacker could exploit these flaws to obtain and modify sensitive data in the underlying database, potentially leading to exposure and c...

CVE-2023-37437 Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...

CVE-2023-37436 Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...

CVE-2023-37436

CVE-2023-37436 affects Aruba Networks EdgeConnect SD-WAN Orchestrator web-based management interface. The connected sources describe multiple SQL injection vulnerabilities that can be exploited by an authenticated remote attacker to obtain and modify data in the underlying database, potentially e...

CVE-2023-37435 Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...