CVE-2023-30510

MEDIUM

Aruba EdgeConnect Enterprise - Info Disclosure

Title source: llm

Description

A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance. The impact of this vulnerability is limited to a subset of URLs which can result in the possible disclosure of data due to the network position of the Aruba EdgeConnect Enterprise instance.

References (1)

Core 1

Core References

Various Sources

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt

Scores

CVSS v3 4.1

EPSS 0.0022

EPSS Percentile 44.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

Status published

Products (1)

arubanetworks/edgeconnect_enterprise < 9.0.8.0

Published May 16, 2023

Tracked Since Feb 18, 2026