Search
Total
17 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25154 | 1 Arubanetworks | 1 Airwave | 2022-05-03 | 6.0 MEDIUM | 7.5 HIGH |
| A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | |||||
| CVE-2021-25167 | 1 Arubanetworks | 1 Airwave | 2022-05-03 | 6.5 MEDIUM | 8.8 HIGH |
| A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | |||||
| CVE-2021-25152 | 1 Arubanetworks | 1 Airwave | 2021-05-12 | 9.0 HIGH | 7.2 HIGH |
| A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | |||||
| CVE-2021-25147 | 1 Arubanetworks | 1 Airwave | 2021-05-08 | 6.8 MEDIUM | 8.1 HIGH |
| A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | |||||
| CVE-2021-25151 | 1 Arubanetworks | 1 Airwave | 2021-05-07 | 9.0 HIGH | 8.8 HIGH |
| A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | |||||
| CVE-2021-25165 | 1 Arubanetworks | 1 Airwave | 2021-05-07 | 5.5 MEDIUM | 8.1 HIGH |
| A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | |||||
| CVE-2021-25153 | 1 Arubanetworks | 1 Airwave | 2021-05-05 | 5.5 MEDIUM | 8.1 HIGH |
| A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | |||||
| CVE-2021-25163 | 1 Arubanetworks | 1 Airwave | 2021-05-03 | 5.5 MEDIUM | 8.1 HIGH |
| A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | |||||
| CVE-2021-25166 | 1 Arubanetworks | 1 Airwave | 2021-05-03 | 6.5 MEDIUM | 8.8 HIGH |
| A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | |||||
| CVE-2021-26960 | 1 Arubanetworks | 1 Airwave | 2021-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. | |||||
| CVE-2021-26961 | 1 Arubanetworks | 1 Airwave | 2021-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. | |||||
| CVE-2021-26962 | 1 Arubanetworks | 1 Airwave | 2021-03-11 | 9.0 HIGH | 7.2 HIGH |
| A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise. | |||||
| CVE-2021-26963 | 1 Arubanetworks | 1 Airwave | 2021-03-11 | 9.0 HIGH | 7.2 HIGH |
| A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise. | |||||
| CVE-2021-26964 | 1 Arubanetworks | 1 Airwave | 2021-03-11 | 5.5 MEDIUM | 7.1 HIGH |
| A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of an attacker using a lower privileged account to change management user or device details. This could allow the attacker to escalate privileges and/or change network details that they should not have access to. | |||||
| CVE-2019-5323 | 1 Arubanetworks | 1 Airwave | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host. | |||||
| CVE-2019-5326 | 1 Arubanetworks | 1 Airwave | 2020-03-03 | 6.5 MEDIUM | 7.2 HIGH |
| An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component. | |||||
| CVE-2016-2032 | 1 Arubanetworks | 3 Airwave, Aruba Instant, Arubaos | 2020-02-07 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672 | |||||