Versions
EdgeConnect SD-WAN Orchestrator 9.4.x:Orchestrator 9.4.1 (all builds) and below
<=9.3.2
<=9.4.1
EdgeConnect SD-WAN Orchestrator 9.1.x:Orchestrator 9.1.9 (all builds) and below
EdgeConnect SD-WAN Orchestrator 9.2.x:Orchestrator 9.2.9 (all builds) and below
EdgeConnect SD-WAN Orchestrator 9.3.x:Orchestrator 9.3.2 (all builds) and below
<=9.2.9
<=9.1.9
Recent CVEs
CVE-2024-22444
A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victims browser in the context of the affected interface.
CVE-2024-22443
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
CVE-2024-41914
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.