HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL Injection Vulnerability

Vulnerability

A vulnerability allowing authenticated remote attackers to perform SQL injection attacks has been identified in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN Orchestrator. This vulnerability affects versions 9.5.5 and below, 9.4.4 and below, and all builds of versions 9.2.x and 9.3.x, which are end of life. Successful exploitation could enable attackers to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized data access or manipulation.

Impact

Exploitation of this vulnerability could allow an authenticated remote attacker to execute arbitrary SQL commands on the database, with possible consequences of unauthorized data access or data manipulation.

Remediation

Users are advised to upgrade to EdgeConnect SD-WAN Orchestrator version 9.6.1 and above or version 9.5.6 and above. For more information, visit the HPE Aruba Networking Support Portal.
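
The version ranges above can be turned into an inventory triage check. The following is an added example, not code from HPE or from this advisory; it assumes "9.5.5 and below" and "9.4.4 and below" are per-branch ceilings, and it reports versions the advisory does not mention as "unlisted" rather than guessing. The hostnames and version strings in the sample are constructed.

```python
import re

# Rules transcribed from the advisory text. Reading "9.5.5 and below" and
# "9.4.4 and below" as per-branch ceilings is an assumption of this example.
AFFECTED_MAX = {(9, 5): 5, (9, 4): 4}   # branch -> highest affected patch level
EOL_BRANCHES = {(9, 2), (9, 3)}         # all builds affected, end of life


def parse_version(text):
    """Return (major, minor, patch); extra components such as a build number are ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())


def classify(version):
    """Classify one version as 'affected-eol', 'affected', 'fixed' or 'unlisted'."""
    parsed = parse_version(version)
    branch, patch = parsed[:2], parsed[2]
    if branch in EOL_BRANCHES:
        return "affected-eol"
    if branch in AFFECTED_MAX and patch <= AFFECTED_MAX[branch]:
        return "affected"
    # Remediation targets: 9.6.1 and above, or 9.5.6 and above on the 9.5 branch.
    if parsed >= (9, 6, 1) or (branch == (9, 5) and patch >= 6):
        return "fixed"
    # No statement in the advisory (for example 9.4.5 or 9.6.0): confirm with the vendor.
    return "unlisted"


def triage(inventory):
    """Map {hostname: version} to {hostname: status}, flagging unparsable entries."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unparsable"
    return report


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE = {"orch-a": "9.5.5", "orch-b": "9.5.6", "orch-c": "9.3.7",
          "orch-d": "9.4.4.40012", "orch-e": "9.6.0", "orch-f": "n/a"}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as "affected-eol" have no in-branch fix and need a move to one of the remediated branches.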

Added: Jan 14, 2026, 5:37 PM
Updated: Jan 14, 2026, 5:37 PM

Vulnerability Rating

Custom Algorithm
spread: 1.9
impact: 3.1
exploitability: 5.2
remediation: 7.9
relevance: 2.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.