vulnerability
Aruba ECOS: CVE-2022-43522: Authenticated SQL Injection Vulnerabilities in Aruba EdgeConnect Enterprise Orchestrator Web-based Management Interface
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Dec 13, 2022 | Mar 17, 2025 | Apr 2, 2026 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Dec 13, 2022
Added
Mar 17, 2025
Modified
Apr 2, 2026
Description
Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the Aruba EdgeConnect Enterprise Orchestrator host.
Solution
aruba-ecos-cve-2022-43522
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.