Vulnerabilities (CVE)

Filtered by vendor Arubanetworks Subscribe
Filtered by product Airwave
Total 35 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-4896 1 Arubanetworks 1 Airwave 2024-11-21 N/A 6.8 MEDIUM
A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server.
CVE-2022-37918 1 Arubanetworks 1 Airwave 2024-11-21 N/A 8.1 HIGH
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.
CVE-2022-37917 1 Arubanetworks 1 Airwave 2024-11-21 N/A 8.1 HIGH
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.
CVE-2022-37916 1 Arubanetworks 1 Airwave 2024-11-21 N/A 8.1 HIGH
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.
CVE-2021-37715 1 Arubanetworks 1 Airwave 2024-11-21 3.5 LOW 4.8 MEDIUM
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0. Aruba has released upgrades for the Aruba AirWave Management Platform that address this security vulnerability.
CVE-2021-29137 1 Arubanetworks 1 Airwave 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
CVE-2021-26971 1 Arubanetworks 1 Airwave 2024-11-21 6.5 MEDIUM 6.3 MEDIUM
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise.
CVE-2021-26970 1 Arubanetworks 1 Airwave 2024-11-21 6.5 MEDIUM 6.3 MEDIUM
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise.
CVE-2021-26969 1 Arubanetworks 1 Airwave 2024-11-21 5.5 MEDIUM 6.5 MEDIUM
A remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Due to improper restrictions on XML entities a vulnerability exists in the web-based management interface of AirWave. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition.
CVE-2021-26968 1 Arubanetworks 1 Airwave 2024-11-21 3.5 LOW 4.8 MEDIUM
A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface.
CVE-2021-26967 1 Arubanetworks 1 Airwave 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of certain components of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the AirWave management interface.
CVE-2021-26966 1 Arubanetworks 1 Airwave 2024-11-21 5.5 MEDIUM 6.5 MEDIUM
A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database.
CVE-2021-26965 1 Arubanetworks 1 Airwave 2024-11-21 5.5 MEDIUM 6.5 MEDIUM
A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database.
CVE-2021-26964 1 Arubanetworks 1 Airwave 2024-11-21 5.5 MEDIUM 7.1 HIGH
A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of an attacker using a lower privileged account to change management user or device details. This could allow the attacker to escalate privileges and/or change network details that they should not have access to.
CVE-2021-26963 1 Arubanetworks 1 Airwave 2024-11-21 9.0 HIGH 7.2 HIGH
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise.
CVE-2021-26962 1 Arubanetworks 1 Airwave 2024-11-21 9.0 HIGH 7.2 HIGH
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise.
CVE-2021-26961 1 Arubanetworks 1 Airwave 2024-11-21 6.8 MEDIUM 8.8 HIGH
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user.
CVE-2021-26960 1 Arubanetworks 1 Airwave 2024-11-21 6.8 MEDIUM 8.8 HIGH
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user.
CVE-2021-25167 1 Arubanetworks 1 Airwave 2024-11-21 6.5 MEDIUM 8.8 HIGH
A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
CVE-2021-25166 1 Arubanetworks 1 Airwave 2024-11-21 6.5 MEDIUM 8.8 HIGH
A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.