CVE-2022-37926

Name of the Vulnerable Software and Affected Versions Aruba EdgeConnect Enterprise Software versions prior to ECOS 9.2.1.0 Aruba EdgeConnect Enterprise Software versions prior to ECOS 9.1.3.0 Aruba EdgeConnect Enterprise Software versions prior to ECOS 9.0.7.0 Aruba EdgeConnect Enterprise Software versions prior to ECOS 8.3.7.1

Description A vulnerability within the web-based management interface of EdgeConnect Enterprise could allow a remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface by uploading a specially crafted file. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.

Recommendations For versions prior to ECOS 9.2.1.0, update to a version above ECOS 9.2.1.0 to resolve the issue. For versions prior to ECOS 9.1.3.0, update to a version above ECOS 9.1.3.0 to resolve the issue. For versions prior to ECOS 9.0.7.0, update to a version above ECOS 9.0.7.0 to resolve the issue. For versions prior to ECOS 8.3.7.1, update to a version above ECOS 8.3.7.1 to resolve the issue. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation.