vulnerability

Aruba ECOS: CVE-2022-43520: Authenticated SQL Injection Vulnerabilities in Aruba EdgeConnect Enterprise Orchestrator Web-based Management Interface

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	Dec 13, 2022	Mar 17, 2025	Jul 2, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

Dec 13, 2022

Added

Mar 17, 2025

Modified

Jul 2, 2025

Description

Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the Aruba EdgeConnect Enterprise Orchestrator host.

Solution

aruba-ecos-cve-2022-43520

References

CVE-2022-43520
https://attackerkb.com/topics/CVE-2022-43520
URL-https://csaf.arubanetworks.com/2022/hpe_aruba_networking_-_2022-021.json
CWE-89

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today