Description
A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Attack Vector
- network
- Complexity
- low
- Privileges
- none
- User Action
- none
- Scope
- unchanged
- Confidentiality
- low
- Integrity
- none
- Availability
- none
- Weaknesses
- CWE-200
Metadata
- Primary Vendor
- HPE
- Published
- 11/18/2025
- Last Modified
- 12/4/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
hpe : arubaos-cxhpe : arubaos-cxhpe : arubaos-cxhpe : arubaos-cxhpe : arubaos-cx
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.