CVE-2023-30510 MEDIUM

CVE-2023-30510: Authenticated Server-side Request Forgery in Aruba EdgeConnect Enterprise Web Management Interface

Vendor Hewlett Packard Enterprise (HPE)
Product Aruba EdgeConnect Enterprise Software
Published May 16, 2023
Last update January 22, 2025

CVSS base score

4.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01 Description

A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance. The impact of this vulnerability is limited to a subset of URLs which can result in the possible disclosure of data due to the network position of the Aruba EdgeConnect Enterprise instance.

Key dates

02 Disclosure timeline

May 16, 2023 CVE published
January 22, 2025 Record updated