Total
32 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26963 | 1 Arubanetworks | 1 Airwave | 2021-03-11 | 9.0 HIGH | 7.2 HIGH |
| A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise. | |||||
| CVE-2021-26964 | 1 Arubanetworks | 1 Airwave | 2021-03-11 | 5.5 MEDIUM | 7.1 HIGH |
| A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of an attacker using a lower privileged account to change management user or device details. This could allow the attacker to escalate privileges and/or change network details that they should not have access to. | |||||
| CVE-2021-26969 | 1 Arubanetworks | 1 Airwave | 2021-03-11 | 5.5 MEDIUM | 6.5 MEDIUM |
| A remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Due to improper restrictions on XML entities a vulnerability exists in the web-based management interface of AirWave. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition. | |||||
| CVE-2021-26965 | 1 Arubanetworks | 1 Airwave | 2021-03-10 | 5.5 MEDIUM | 6.5 MEDIUM |
| A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database. | |||||
| CVE-2021-26966 | 1 Arubanetworks | 1 Airwave | 2021-03-10 | 5.5 MEDIUM | 6.5 MEDIUM |
| A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database. | |||||
| CVE-2021-26970 | 1 Arubanetworks | 1 Airwave | 2021-03-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise. | |||||
| CVE-2021-26967 | 1 Arubanetworks | 1 Airwave | 2021-03-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of certain components of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the AirWave management interface. | |||||
| CVE-2021-26968 | 1 Arubanetworks | 1 Airwave | 2021-03-10 | 3.5 LOW | 4.8 MEDIUM |
| A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. | |||||
| CVE-2021-26971 | 1 Arubanetworks | 1 Airwave | 2021-03-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise. | |||||
| CVE-2019-5323 | 1 Arubanetworks | 1 Airwave | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host. | |||||
| CVE-2019-5326 | 1 Arubanetworks | 1 Airwave | 2020-03-03 | 6.5 MEDIUM | 7.2 HIGH |
| An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component. | |||||
| CVE-2014-8368 | 1 Arubanetworks | 1 Airwave | 2018-12-20 | 9.0 HIGH | N/A |
| The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors. | |||||