CVE-2021-26965SQL Injection in Airwave

CWE-89SQL Injection3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 56.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Arubanetworks Airwave
Timeline
PublishedMar 5
Latest updateMay 24

Description

A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 1.2 | Impact: 5.2

Affected Packages1 packages

NVDarubanetworks/airwave< 8.2.12.0

🔴Vulnerability Details

2
GHSA
GHSA-h4w7-53vg-x937: A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 82022-05-24
CVEList
CVE-2021-26965: A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 82021-03-05
CVE-2021-26965 — SQL Injection in Arubanetworks Airwave | cvebase