Medium severity5.5NVD Advisory· Published Aug 22, 2023· Updated Jun 17, 2026
CVE-2023-37440
CVE-2023-37440
Description
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information.
Affected products
2- Hewlett Packard Enterprise (HPE)/EdgeConnect SD-WAN Orchestratorv5Range: Orchestrator 9.3.x
Patches
Vulnerability mechanics
References
1- www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txtnvdMitigationVendor Advisory
News mentions
0No linked articles in our index yet.