VYPR

Airwave

by Arubanetworks

CVEs (18)

  • CVE-2016-8526 High Aug 6, 2018
    risk 0.61 cvss 8.8 epss 0.10

    Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exists on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can…

  • CVE-2024-54008 High Dec 10, 2024
    risk 0.47 cvss 7.2 epss 0.01

    An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Successful exploitation of this vulnerability could allow a remote authenticated threat actor to run arbitrary commands as a privileged user on the underlying host.

  • CVE-2016-8527 Medium Aug 6, 2018
    risk 0.44 cvss 6.1 epss 0.13

    Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative…

  • CVE-2023-45618 Nov 14, 2023
    risk 0.00 cvss epss 0.01

    There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities results in the ability to delete arbitrary files on the underlying operating system, which…

  • CVE-2023-45616 Nov 14, 2023
    risk 0.00 cvss epss 0.02

    There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful…

  • CVE-2015-1390 Sep 5, 2023
    risk 0.00 cvss epss 0.00

    Aruba AirWave before 8.0.7 allows XSS attacks against an administrator.

  • CVE-2015-2201 Sep 5, 2023
    risk 0.00 cvss epss 0.01

    Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users.

  • CVE-2015-1391 Sep 5, 2023
    risk 0.00 cvss epss 0.00

    Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism.

  • CVE-2015-2202 Sep 5, 2023
    risk 0.00 cvss epss 0.01

    Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS.

  • CVE-2021-26967 Mar 5, 2021
    risk 0.00 cvss epss 0.01

    A remote reflected cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow a remote attacker to conduct a reflected cross-site…

  • CVE-2021-26961 Mar 5, 2021
    risk 0.00 cvss epss 0.01

    A remote unauthenticated cross-site request forgery (CSRF) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a…

  • CVE-2020-24640 Jan 15, 2021
    risk 0.00 cvss epss 0.03

    There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system.

  • CVE-2020-24639 Jan 15, 2021
    risk 0.00 cvss epss 0.07

    There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system.

  • CVE-2020-24638 Jan 15, 2021
    risk 0.00 cvss epss 0.03

    Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the glassadmin CLI. These allow a user with glassadmin privileges to execute arbitrary code as root on the underlying host operating system.

  • CVE-2020-24641 Jan 15, 2021
    risk 0.00 cvss epss 0.01

    In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately…

  • CVE-2020-7126 Oct 26, 2020
    risk 0.00 cvss epss 0.01

    A remote server-side request forgery (SSRF) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

  • CVE-2019-5323 Feb 27, 2020
    risk 0.00 cvss epss 0.03

    There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host.

  • CVE-2014-8368 Nov 25, 2014
    risk 0.00 cvss epss 0.03

    The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors.