Pre-Authentication XXE → OOB SSRF in ArubaOS 8.13.2.0 (Port 32000)

ArubaOS 8.13.2.0 exposes an unauthenticated XML parser on port 32000 that resolves external entities, enabling OOB SSRF and internal port scanning. A wire-level pcap and the target sshd log confirm server-side execution. Bugcrowd closed it as theoretical. No fix issued.

June 1, 2026 · JM00NJ