CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2020-24640
https://notcve.org/view.php?id=CVE-2020-24640
15 Jan 2021 — There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system. Se presenta una vulnerabilidad causada por una comprobación insuficiente de entrada que permite una ejecución de comandos arbitrarios en un entorno de contenedores dentro de Airwave Glass versiones anteriores a 1.3.3. Una explotación c... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-001.txt •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-24639
https://notcve.org/view.php?id=CVE-2020-24639
15 Jan 2021 — There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system. Se presenta una vulnerabilidad causada por la deserialización no segura de Java que permite una ejecución de comandos arbitrarios en un entorno de contenedores dentro de Airwave Glass versiones anteriores a 1.3.3. Una explotación con éxi... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-001.txt • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 2%CPEs: 1EXPL: 0CVE-2020-24638
https://notcve.org/view.php?id=CVE-2020-24638
15 Jan 2021 — Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the glassadmin cli. These allow for a user with glassadmin privileges to execute arbitrary code as root on the underlying host operating system. Son posibles múltiples ejecuciones de comandos remotos autenticados en Airwave Glass versiones anteriores a 1.3.3, por medio de la cli glassadmin. Estos permiten a un usuario privilegiado de glassadmin ejecutar código arbitrario como root en el sistema operativo hos... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-001.txt •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-24641
https://notcve.org/view.php?id=CVE-2020-24641
15 Jan 2021 — In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative access on the web administrative interface. En Aruba AirWave Glass versiones anteriores a 1.3.3, Se presenta una vulnerabilidad de tipo Server-Side Request Forgery por medio de un endpoint no autenticado que, si se e... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-001.txt • CWE-287: Improper Authentication CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7128
https://notcve.org/view.php?id=CVE-2020-7128
04 Nov 2020 — A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. Se detectó una vulnerabilidad de ejecución remota de código arbitrario no autenticado en Aruba Airwave Software: versiones anteriores a 1.3.2 • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04051en_us • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.0EPSS: 5%CPEs: 1EXPL: 0CVE-2020-7129
https://notcve.org/view.php?id=CVE-2020-7129
04 Nov 2020 — A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. Se detectó una vulnerabilidad de ejecución remota de comandos arbitrarios en Aruba Airwave Software, versiones anteriores a 1.3.2 • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04051en_us •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2020-7127
https://notcve.org/view.php?id=CVE-2020-7127
26 Oct 2020 — A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. Se detectó una vulnerabilidad de ejecución de código arbitraria no autenticado remota en las versiones de Aruba Airwave Software versión(es): Anteriores a 1.3.2 • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04051en_us •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7126
https://notcve.org/view.php?id=CVE-2020-7126
26 Oct 2020 — A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. Se detectó una vulnerabilidad de tipo server-side request forgery (ssrf) en Aruba Airwave Software versión(es): Anteriores a 1.3.2 • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04051en_us • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7125
https://notcve.org/view.php?id=CVE-2020-7125
26 Oct 2020 — A remote escalation of privilege vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. Se detectó una vulnerabilidad de escalada de privilegios remota en Aruba Airwave Software versión(es): Anteriores a 1.3.2 • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04051en_us • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7124
https://notcve.org/view.php?id=CVE-2020-7124
26 Oct 2020 — A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. Se detectó una vulnerabilidad de acceso no autorizado remoto en Aruba Airwave Software versión(es): Anteriores a 1.3.2 • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04051en_us •