Arubanetworks Airwave vulnerabilities
36 known vulnerabilities affecting arubanetworks/airwave.
Total CVEs
36
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH23MEDIUM11
Vulnerabilities
Page 2 of 2
CVE-2019-5323P3HIGHCVSS 7.2≥ 8.0.0, < 8.2.10.12020-02-27
CVE-2019-5323 [HIGH] CWE-77 CVE-2019-5323: There are command injection vulnerabilities present in the AirWave application. Certain input fields
There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host.
nvd
CVE-2015-2202P3HIGHCVSS 7.2≥ 7.0.0, < 7.7.14.22023-09-05
CVE-2015-2202 [HIGH] CWE-20 CVE-2015-2202: Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privilege
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS.
nvd
CVE-2021-26970P3MEDIUMCVSS 6.3fixed in 8.2.12.02021-03-05
CVE-2021-26970 [MEDIUM] CWE-78 CVE-2021-26970: A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Man
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execut
nvd
CVE-2021-26971P3MEDIUMCVSS 6.3fixed in 8.2.12.02021-03-05
CVE-2021-26971 [MEDIUM] CVE-2021-26971: A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Man
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbit
nvd
CVE-2021-25154P3HIGHCVSS 7.5fixed in 8.2.12.12021-04-28
CVE-2021-25154 [HIGH] CVE-2021-25154: A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform v
A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
nvd
CVE-2019-5326P3HIGHCVSS 7.2≥ 8.0.0, < 8.2.10.12020-02-27
CVE-2019-5326 [HIGH] CWE-502 CVE-2019-5326: An administrative application user of or application user with write access to Aruba Airwave VisualR
An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component.
nvd
CVE-2021-25152P3HIGHCVSS 7.2fixed in 8.2.12.12021-04-28
CVE-2021-25152 [HIGH] CWE-502 CVE-2021-25152: A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
nvd
CVE-2023-4896P3MEDIUMCVSS 6.5≤ 8.2.15.2≥ 8.3.0, < 8.3.0.22023-10-17
CVE-2023-4896 [MEDIUM] CVE-2023-4896: A vulnerability exists which allows an authenticated attacker to access sensitive information on the
A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server.
nvd
CVE-2021-26965P3MEDIUMCVSS 6.5fixed in 8.2.12.02021-03-05
CVE-2021-26965 [MEDIUM] CWE-89 CVE-2021-26965: A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platfo
A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and m
nvd
CVE-2021-26966P3MEDIUMCVSS 6.5fixed in 8.2.12.02021-03-05
CVE-2021-26966 [MEDIUM] CWE-89 CVE-2021-26966: A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platfo
A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and m
nvd
CVE-2021-26969P3MEDIUMCVSS 6.5fixed in 8.2.12.02021-03-05
CVE-2021-26969 [MEDIUM] CWE-611 CVE-2021-26969: A remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba
A remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Due to improper restrictions on XML entities a vulnerability exists in the web-based management interface of AirWave. A successful exploit could allow an authenticated attacker to retrieve fi
nvd
CVE-2021-25164P4MEDIUMCVSS 6.5fixed in 8.2.12.12021-04-28
CVE-2021-25164 [MEDIUM] CWE-611 CVE-2021-25164: A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform versi
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
nvd
CVE-2021-29137P4MEDIUMCVSS 6.1fixed in 8.2.12.12021-04-29
CVE-2021-29137 [MEDIUM] CWE-601 CVE-2021-29137: A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform version(s
A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
nvd
CVE-2021-26967P4MEDIUMCVSS 6.1fixed in 8.2.12.02021-03-05
CVE-2021-26967 [MEDIUM] CWE-79 CVE-2021-26967: A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Manageme
A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of certain components of the interface. A
nvd
CVE-2021-26968P4MEDIUMCVSS 4.8fixed in 8.2.12.02021-03-05
CVE-2021-26968 [MEDIUM] CWE-79 CVE-2021-26968: A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWa
A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A
nvd
CVE-2021-37715P4MEDIUMCVSS 4.8fixed in 8.2.13.02021-08-26
CVE-2021-37715 [MEDIUM] CWE-79 CVE-2021-37715: A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platfor
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0. Aruba has released upgrades for the Aruba AirWave Management Platform that address this security vulnerability.
nvd
← Previous2 / 2