Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
History

Thu, 03 Oct 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Hpe
Hpe edgeconnect Sd-wan Orchestrator
CPEs cpe:2.3:a:hpe:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*
Vendors & Products Hpe
Hpe edgeconnect Sd-wan Orchestrator
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2023-08-22T18:07:58.022Z

Updated: 2024-10-03T14:45:14.356Z

Reserved: 2023-07-05T17:36:47.997Z

Link: CVE-2023-37429

cve-icon Vulnrichment

Updated: 2024-08-02T17:16:29.487Z

cve-icon NVD

Status : Modified

Published: 2023-08-22T19:16:37.580

Modified: 2024-11-21T08:11:41.513

Link: CVE-2023-37429

cve-icon Redhat

No data.