CVE-2021-26966SQL Injection in Airwave

CWE-89SQL Injection12 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 52.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Arubanetworks Airwave
Timeline
PublishedMar 5
Latest updateJun 9

Description

A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 1.2 | Impact: 5.2

Affected Packages1 packages

NVDarubanetworks/airwave< 8.2.12.0

🔴Vulnerability Details

11
OSV
linux-azure vulnerabilities2025-06-09
OSV
linux-azure, linux-azure-4.15 vulnerabilities2025-06-09
OSV
linux-azure-fips vulnerabilities2025-06-09
OSV
linux-fips vulnerabilities2025-06-06
OSV
linux, linux-aws, linux-kvm vulnerabilities2025-06-04
CVE-2021-26966 — SQL Injection in Arubanetworks Airwave | cvebase