How severe is CVE-2022-43529?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2022-43529?

This is classified as CWE-384, which is a common weakness in software security.

CVE-2022-43529 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an remote attacker to persist a session after a password reset or similar session clearing event. Successful exploitation of this vulnerability could allow an authenticated attacker to remain on the system with the permissions of their current session after the session should be invalidated in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned.

Related Vulnerabilities

CVE-2014-125048

MEDIUM

CVSS:5.4(Medium)

A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue affects some unknown processing of the file app/controllers/oauth.js. The manipulation leads to session ...

CWE-3842014

CVE-2017-2145

MEDIUM

CVSS:5.4(Medium)

Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.

CWE-3842017

CVE-2018-1000409

MEDIUM

CVSS:5.4(Medium)

A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalida...

CWE-3842018

CVE-2018-13337

MEDIUM

CVSS:5.4(Medium)

Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript.

CWE-3842018

CVE-2018-18380

MEDIUM

CVSS:5.4(Medium)

A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The ...

CWE-3842018

CVE-2019-10158

MEDIUM

CVSS:5.4(Medium)

A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.

CWE-3842019