CVE-2023-4896

3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 78.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arubanetworks AirwaveHewarhewlett Packard Enterprise (hpe) Aruba Airwave Management Platform
Timeline
PublishedOct 17

Description

A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NExploitability: 2.3 | Impact: 4.0

Affected Packages2 packages

CVEListV5hewarhewlett_packard_enterprise_(hpe)/aruba_airwave_management_platform8.2.15.2 and below, 8.3.0.1 and below +1
NVDarubanetworks/airwave8.3.08.3.0.2+1

🔴Vulnerability Details

2
GHSA
GHSA-2434-68xh-wxm6: A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management2023-10-17
CVEList
Authenticated Disclosure of Sensitive Information in AirWave Management Platform2023-10-17
CVE-2023-4896 (MEDIUM CVSS 6.5) | A vulnerability exists which allows | cvebase.io