CVE-2023-37434 Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...

CVE-2023-37432

CVE-2023-37432 involves multiple SQL injection vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator. A authenticated remote attacker could exploit these flaws to obtain and modify data in the underlying database, potentially leading to exposure and corruption o...

CVE-2023-37431 Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...

CVE-2023-37431

CVE-2023-37431 involves multiple SQL injection vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator. The issue allows an authenticated remote attacker to perform SQL injection against the Orchestrator instance, potentially obtaining and modifying data in the un...

CVE-2023-37430 Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...

CVE-2023-37429 Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...

CVE-2023-37428 Authenticated Remote Code Execution via Path Traversal in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface

A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading t...

CVE-2023-37427 Authenticated Remote Code Execution in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands as root on...

CVE-2023-37425 Unauthenticated Stored Cross-Site Scripting Vulnerability (XSS) in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cross-site scripting XSS attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary...

CVE-2023-37425

EdgeConnect SD-WAN Orchestrator web-based management interface is affected by an unauthenticated stored XSS vulnerability. The issue allows an attacker to run arbitrary script code in an admin’s browser via the interface. Public details describe the vulnerability and impact, but do not specify af...

CVE-2023-37424

CVE-2023-37424 affects the web-based management interface of Aruba EdgeConnect SD-WAN Orchestrator. The vulnerability allows an unauthenticated remote attacker to trigger arbitrary commands on the underlying host, potentially leading to complete system compromise. The issue arises from flaws in t...

PT-2023-25956 · Riverbed · Edgeconnect Sd-Wan Orchestrator

Name of the Vulnerable Software and Affected Versions: EdgeConnect SD-WAN Orchestrator affected versions not specified Description: A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying...

PT-2023-25957 · Riverbed · Edgeconnect Sd-Wan Orchestrator

Name of the Vulnerable Software and Affected Versions: EdgeConnect SD-WAN Orchestrator affected versions not specified Description: The web-based management interface of EdgeConnect SD-WAN Orchestrator contains multiple vulnerabilities that could allow an authenticated remote attacker to conduct...

CVE-2023-20203

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface on an affected device...

CVE-2023-20111

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to the improper storage of sensitive information within the web-based management interface. An...

CVE-2023-20111

CVE-2023-20111 affects Cisco Identity Services Engine (ISE). The issue is an improper storage of sensitive information in the web-based management interface, allowing an authenticated, remote attacker to log in and view hidden fields, potentially exposing credentials and enabling further attacks....

CVE-2023-20228

CVE-2023-20228 concerns Cisco Integrated Management Controller (IMC) web-based management interface. The issue is an XSS vulnerability caused by insufficient input validation, exploitable by an unauthenticated, remote attacker who entices a user to click a crafted link. Successful exploitation co...

CVE-2020-26065

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP...

Input validation

A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters ATAs could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the...

CVE-2023-20181

A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the...