HPE Aruba Networking EdgeConnect SD-WAN Orchestrator Authenticated SQL Injection Vulnerability

Vulnerability

An authenticated remote SQL injection vulnerability has been identified in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN Orchestrator. This vulnerability affects versions 9.5.5 and below, 9.4.4 and below, and all builds of versions 9.2.x and 9.3.x, which are end of maintenance. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, leading to unauthorized data access or manipulation.

Impact

Exploitation of this vulnerability could result in unauthorized access to or manipulation of data in the application's database.

Remediation

Users are advised to upgrade to EdgeConnect SD-WAN Orchestrator version 9.6.1 and above or version 9.5.6 and above. For assistance, contact HPE Services - Aruba Networking.
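The version ranges stated above can be applied to an inventory of Orchestrator instances as a triage check. This is an added example, not code from HPE or from this page; the hostnames, the sample inventory and the assumption that a version string starts with major.minor.patch (optionally followed by a build number) are constructed for illustration.

```python
import re

# Ranges copied from the advisory text; nothing beyond them is inferred.
AFFECTED_ALL_BUILDS = {(9, 2), (9, 3)}    # end of maintenance, every build affected
AFFECTED_UP_TO = {(9, 4): 4, (9, 5): 5}   # "9.4.4 and below", "9.5.5 and below"
FIXED_95_PATCH = 6                        # "9.5.6 and above"
FIXED_FROM = (9, 6, 1)                    # "9.6.1 and above"


def parse_version(text):
    """Parse 'major.minor.patch', ignoring a trailing build number (assumed format)."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)*\s*$", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())


def classify(version_text):
    """Return affected-eom, affected, fixed, or not-listed for one version string."""
    version = parse_version(version_text)
    train, patch = version[:2], version[2]
    if train in AFFECTED_ALL_BUILDS:
        return "affected-eom"
    if train in AFFECTED_UP_TO and patch <= AFFECTED_UP_TO[train]:
        return "affected"
    if version >= FIXED_FROM or (train == (9, 5) and patch >= FIXED_95_PATCH):
        return "fixed"
    return "not-listed"   # the advisory says nothing about this release


def triage(inventory):
    """Map each host to a status; unparseable versions are flagged, not skipped."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = classify(version_text)
        except ValueError:
            report[host] = "unparseable"
    return report


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hostnames and build suffixes).
    sample = {"orch-a": "9.5.5.40210", "orch-b": "9.3.1", "orch-c": "9.5.6",
              "orch-d": "9.4.5", "orch-e": "9.6.0", "orch-f": "unknown"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Releases the advisory does not mention (for example a 9.4 build above 9.4.4, or 9.6.0) come back as not-listed rather than being guessed either way, so they can be checked against the vendor's own bulletin.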

Added: Jan 14, 2026, 5:37 PM
Updated: Jan 14, 2026, 5:37 PM

Vulnerability Rating

Custom Algorithm

spread: 1.9
impact: 3.1
exploitability: 5.2
remediation: 7.9
relevance: 2.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.