PT-2022-6361 · Aruba · Aruba Edgeconnect Enterprise

Published 2022-11-22 · Updated 2025-04-24 · CVE-2022-37925

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Aruba EdgeConnect Enterprise versions 9.2.1.0 and below
Aruba EdgeConnect Enterprise versions 9.1.3.0 and below
Aruba EdgeConnect Enterprise versions 9.0.7.0 and below
Aruba EdgeConnect Enterprise versions 8.3.7.1 and below

Description

A vulnerability within the web-based management interface of Aruba EdgeConnect Enterprise could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.

Recommendations

For versions 9.2.1.0 and below, consider disabling access to the web-based management interface until a patch is available.
For versions 9.1.3.0 and below, restrict access to the interface to minimize the risk of exploitation.
For versions 9.0.7.0 and below, avoid using the interface for sensitive operations until the issue is resolved.
For versions 8.3.7.1 and below, consider implementing additional security measures, such as input validation and output encoding, to prevent XSS attacks.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-01026
CVE-2022-37925

Affected Products

Aruba Edgeconnect Enterprise