CVE-2023-30510
Last modified
CVE-2023-30510 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance. The impact of this vulnerability is limited to a subset of URLs which can result in the possible disclosure of data due to the network position of the Aruba EdgeConnect Enterprise instance.. EPSS estimates a 0.58% chance of exploitation in the next 30 days.
Description
A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance. The impact of this vulnerability is limited to a subset of URLs which can result in the possible disclosure of data due to the network position of the Aruba EdgeConnect Enterprise instance.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Arubanetworks | Edgeconnect Enterprise | <= 9.0.8.0 |
| Arubanetworks | Edgeconnect Enterprise | >= 9.1.0.0, <= 9.1.5.0 |
| Arubanetworks | Edgeconnect Enterprise | >= 9.2.0.0, <= 9.2.3.0 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-30510?
How severe is CVE-2023-30510?
How do I fix CVE-2023-30510?
Are you affected by CVE-2023-30510?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST