Filtered by vendor Arubanetworks
Subscribe
Total
460 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-26967 | 1 Arubanetworks | 1 Airwave | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of certain components of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the AirWave management interface. | |||||
CVE-2020-24639 | 1 Arubanetworks | 1 Airwave Glass | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system. | |||||
CVE-2021-26969 | 1 Arubanetworks | 1 Airwave | 2024-02-28 | 5.5 MEDIUM | 6.5 MEDIUM |
A remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Due to improper restrictions on XML entities a vulnerability exists in the web-based management interface of AirWave. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition. | |||||
CVE-2020-7110 | 1 Arubanetworks | 1 Clearpass | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed resulting in a privilege escalation attack. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher. | |||||
CVE-2020-7111 | 1 Arubanetworks | 1 Clearpass | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher. | |||||
CVE-2020-7115 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher. | |||||
CVE-2020-7114 | 1 Arubanetworks | 1 Clearpass | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability exists allowing attackers, when present in the same network segment as ClearPass' management interface, to make changes to certain databases in ClearPass by crafting HTTP packets. As a result of this attack, a possible complete cluster compromise might occur. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher. | |||||
CVE-2020-7113 | 1 Arubanetworks | 1 Clearpass | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of some of ClearPass' service accounts. Resolution: Fixed in 6.7.10, 6.8.1, 6.9.0 and higher. | |||||
CVE-2020-12144 | 2 Arubanetworks, Silver-peak | 44 Nx-1000, Nx-10k, Nx-11k and 41 more | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal. | |||||
CVE-2020-7117 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher. | |||||
CVE-2019-5320 | 1 Arubanetworks | 12 2530, 2530 Firmware, 2540 and 9 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Cross Site Scripting in the web UI, leading to injection of code. | |||||
CVE-2020-12142 | 2 Arubanetworks, Silver-peak | 44 Nx-1000, Nx-10k, Nx-11k and 41 more | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell. | |||||
CVE-2020-12143 | 2 Arubanetworks, Silver-peak | 44 Nx-1000, Nx-10k, Nx-11k and 41 more | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator. | |||||
CVE-2019-5321 | 1 Arubanetworks | 12 2530, 2530 Firmware, 2540 and 9 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Remote Unauthorized Access in the WebUI. | |||||
CVE-2020-7119 | 1 Arubanetworks | 1 Analytics And Location Engine | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
A vulnerability exists in the Aruba Analytics and Location Engine (ALE) web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily modify files as an underlying privileged operating system user. | |||||
CVE-2020-7116 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher. | |||||
CVE-2019-5326 | 1 Arubanetworks | 1 Airwave | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component. | |||||
CVE-2019-5322 | 1 Arubanetworks | 14 2530 10\/100 Port, 2530 10\/100 Port Firmware, 2530 With Gigt Port and 11 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A remotely exploitable information disclosure vulnerability is present in Aruba Intelligent Edge Switch models 5400, 3810, 2920, 2930, 2530 with GigT port, 2530 10/100 port, or 2540. The vulnerability impacts firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007 and 16.10.* before 16.10.0003. The vulnerability allows an attacker to retrieve sensitive system information. This attack can be carried out without user authentication under very specific conditions. | |||||
CVE-2018-16417 | 2 Arubanetworks, Siemens | 3 Instant, W1750d, W1750d Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection. | |||||
CVE-2019-5323 | 1 Arubanetworks | 1 Airwave | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host. |