CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25154
https://notcve.org/view.php?id=CVE-2021-25154
A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. Se detectó una vulnerabilidad de escalada de privilegios remota en Aruba AirWave Management Platform versiones anteriores a 8.2.12.1. Aruba ha publicado parches para AirWave Management Platform que abordan esta vulnerabilidad de seguridad • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25151
https://notcve.org/view.php?id=CVE-2021-25151
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. Se detectó una vulnerabilidad de deserialización no segura remota en Aruba AirWave Management Platform versiones anteriores a la 8.2.12.1. Aruba ha publicado parches para AirWave Management Platform que abordan esta vulnerabilidad de seguridad • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25147
https://notcve.org/view.php?id=CVE-2021-25147
A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. Se detectó una vulnerabilidad de omisión de restricción de autenticación remota en Aruba AirWave Management Platform versiones anteriores a la 8.2.12.1. Aruba ha publicado parches para AirWave Management Platform que abordan esta vulnerabilidad de seguridad • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26971
https://notcve.org/view.php?id=CVE-2021-26971
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise. Se detectó una vulnerabilidad de ejecución de comandos arbitraria autenticada remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0. Unas vulnerabilidades en la interfaz de administración basada en web de AirWave podrían permitir a usuarios autenticados remotos ejecutar comandos arbitrarios en el host subyacente. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26969
https://notcve.org/view.php?id=CVE-2021-26969
A remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Due to improper restrictions on XML entities a vulnerability exists in the web-based management interface of AirWave. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition. Se detectó una vulnerabilidad de xml external entity (xxe) autenticada remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0. Debido a restricciones inapropiadas en entidades XML, se presenta una vulnerabilidad en la interfaz de administración basada en web de AirWave. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt • CWE-611: Improper Restriction of XML External Entity Reference •