CVE-2025-37160

Medium CVSS: 5.3

A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data.

Vendor

Hpe

Product

Arubaos-cx

CWE

CWE-200

Yayın Tarihi

2025-11-18 19:15:48

Güncelleme

2025-12-04 18:18:12

Source Identifier

security-alert@hpe.com

KEV Date Added

Kategoriler

CWE-200 Arubaos-cx MEDIUM Hpe 2025

Referanslar

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US

Benzer Kayıtlar

Medium

CVE-2026-23597

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated…

Medium

CVE-2026-23598

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated…

High

CVE-2026-23595

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote at…

Medium

CVE-2026-23596

A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger…

Critical

CVE-2025-37164

A remote code execution issue exists in HPE OneView.

High

CVE-2025-37155

A vulnerability in the SSH restricted shell interface of the network management services allows improper access control…