Arubanetworks Airwave vulnerabilities

CVE-2025-37163 [HIGH] CWE-77 CVE-2025-37163: A command injection vulnerability has been identified in the command line interface of the HPE Aruba A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system.

CVE-2023-4896 [MEDIUM] CVE-2023-4896: A vulnerability exists which allows an authenticated attacker to access sensitive information on the A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server.

CVE-2015-2202 [HIGH] CWE-20 CVE-2015-2202: Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privilege Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS.

CVE-2015-2201 [HIGH] CWE-78 CVE-2015-2201: Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and f Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users.

CVE-2022-37918 [HIGH] CWE-284 CVE-2022-37918: Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba

CVE-2022-37916 [HIGH] CWE-284 CVE-2022-37916: Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba

CVE-2022-37917 [HIGH] CWE-284 CVE-2022-37917: Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba

CVE-2021-37715 [MEDIUM] CWE-79 CVE-2021-37715: A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platfor A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0. Aruba has released upgrades for the Aruba AirWave Management Platform that address this security vulnerability.

CVE-2021-25166 [HIGH] CWE-78 CVE-2021-25166: A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform versi A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

CVE-2021-25163 [HIGH] CWE-611 CVE-2021-25163: A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform versi A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

CVE-2021-25167 [HIGH] CWE-78 CVE-2021-25167: A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform versi A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

CVE-2021-29137 [MEDIUM] CWE-601 CVE-2021-29137: A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform version(s A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

CVE-2021-25152 [HIGH] CWE-502 CVE-2021-25152: A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

CVE-2021-25147 [HIGH] CWE-287 CVE-2021-25147: A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

CVE-2021-25151 [HIGH] CWE-502 CVE-2021-25151: A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

CVE-2021-25153 [HIGH] CWE-89 CVE-2021-25153: A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

CVE-2021-25165 [HIGH] CWE-611 CVE-2021-25165: A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform versi A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

CVE-2021-25154 [HIGH] CVE-2021-25154: A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform v A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

CVE-2021-25164 [MEDIUM] CWE-611 CVE-2021-25164: A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform versi A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

CVE-2021-26964 [HIGH] CWE-863 CVE-2021-26964: A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of