CVE-2023-37438
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Aug 22, 2023
Updated: Aug 29, 2023
CWE ID 89
Summary
CVE-2023-37438 refers to multiple SQL injection vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator. An authenticated attacker can exploit these flaws and conduct SQL attacks, potentially gaining unauthorized access to sensitive information and leading to the corruption of data controlled by the EdgeConnect SD-WAN Orchestrator host. These vulnerabilities pose a significant risk to the security and integrity of data managed through this system.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- Aruba Networks