cbcvebase.

Arubanetworks Airwave vulnerabilities

36 known vulnerabilities affecting arubanetworks/airwave.

Total CVEs
36
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH23MEDIUM11

Vulnerabilities

Page 1 of 2
CVE-2021-25151P3HIGHCVSS 8.8fixed in 8.2.12.12021-04-28
CVE-2021-25151 [HIGH] CWE-502 CVE-2021-25151: A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
nvd
CVE-2016-2031P3CRITICALCVSS 9.8fixed in 8.2.0.02020-01-31
CVE-2016-2031 [CRITICAL] CWE-20 CVE-2016-2031: Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient vali Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code.
nvd
CVE-2025-37163P3HIGHCVSS 7.2fixed in 8.3.0.52025-11-18
CVE-2025-37163 [HIGH] CWE-77 CVE-2025-37163: A command injection vulnerability has been identified in the command line interface of the HPE Aruba A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system.
nvd
CVE-2021-25166P3HIGHCVSS 8.8fixed in 8.2.12.12021-04-29
CVE-2021-25166 [HIGH] CWE-78 CVE-2021-25166: A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform versi A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
nvd
CVE-2014-8368P3CRITICALCVSS 9.0≥ 7.7.0, < 7.7.14≥ 8.0.0, < 8.0.52014-11-25
CVE-2014-8368 [CRITICAL] CWE-264 CVE-2014-8368: The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authent The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors.
nvd
CVE-2021-25167P3HIGHCVSS 8.8fixed in 8.2.12.12021-04-29
CVE-2021-25167 [HIGH] CWE-78 CVE-2021-25167: A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform versi A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
nvd
CVE-2021-26962P3HIGHCVSS 7.2fixed in 8.2.12.02021-03-05
CVE-2021-26962 [HIGH] CWE-78 CVE-2021-26962: A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Man A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root
nvd
CVE-2022-37918P3HIGHCVSS 8.1≤ 8.2.15.02022-12-08
CVE-2022-37918 [HIGH] CWE-284 CVE-2022-37918: Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba
nvd
CVE-2022-37916P3HIGHCVSS 8.1≤ 8.2.15.02022-12-08
CVE-2022-37916 [HIGH] CWE-284 CVE-2022-37916: Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba
nvd
CVE-2022-37917P3HIGHCVSS 8.1≤ 8.2.15.02022-12-08
CVE-2022-37917 [HIGH] CWE-284 CVE-2022-37917: Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba
nvd
CVE-2021-26963P3HIGHCVSS 7.2fixed in 8.2.12.02021-03-05
CVE-2021-26963 [HIGH] CVE-2021-26963: A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Man A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the
nvd
CVE-2021-25147P3HIGHCVSS 8.1fixed in 8.2.12.12021-04-28
CVE-2021-25147 [HIGH] CWE-287 CVE-2021-25147: A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
nvd
CVE-2021-26961P3HIGHCVSS 8.8fixed in 8.2.12.02021-03-05
CVE-2021-26961 [HIGH] CWE-352 CVE-2021-26961: A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba Air A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist
nvd
CVE-2021-26960P3HIGHCVSS 8.8fixed in 8.2.12.02021-03-05
CVE-2021-26960 [HIGH] CWE-352 CVE-2021-26960: A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba Air A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist
nvd
CVE-2021-25153P3HIGHCVSS 8.1fixed in 8.2.12.12021-04-28
CVE-2021-25153 [HIGH] CWE-89 CVE-2021-25153: A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
nvd
CVE-2015-2201P3HIGHCVSS 7.2≥ 7.0.0, < 7.7.14.22023-09-05
CVE-2015-2201 [HIGH] CWE-78 CVE-2015-2201: Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and f Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users.
nvd
CVE-2021-26964P3HIGHCVSS 7.1fixed in 8.2.12.02021-03-05
CVE-2021-26964 [HIGH] CWE-863 CVE-2021-26964: A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of
nvd
CVE-2021-25163P3HIGHCVSS 8.1fixed in 8.2.12.12021-04-29
CVE-2021-25163 [HIGH] CWE-611 CVE-2021-25163: A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform versi A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
nvd
CVE-2021-25165P3HIGHCVSS 8.1fixed in 8.2.12.12021-04-28
CVE-2021-25165 [HIGH] CWE-611 CVE-2021-25165: A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform versi A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
nvd
CVE-2016-2032P3HIGHCVSS 7.5fixed in 8.2.0.02020-01-31
CVE-2016-2032 [HIGH] CWE-287 CVE-2016-2032: A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management i A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672
nvd
Arubanetworks Airwave vulnerabilities | cvebase