PT-2023-25968 · Riverbed · Edgeconnect Sd-Wan Orchestrator

Daniel Jensen

Publicado

2023-08-22

Atualizado

2024-10-29

CVE-2023-37439

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions EdgeConnect SD-WAN Orchestrator (affected versions not specified)

Description The web-based management interface of EdgeConnect SD-WAN Orchestrator contains multiple vulnerabilities that could allow an authenticated remote attacker to conduct SQL injection attacks against the instance. This could lead to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insecure Storage of Sensitive Information

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-922CWE-79

Identificadores relacionados

CVE-2023-37439

Produtos afetados

Edgeconnect Sd-Wan Orchestrator

PT-2023-25968 · Riverbed · Edgeconnect Sd-Wan Orchestrator

CVE-2023-37439

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5