CVSS: 9.0EPSS: 5%CPEs: 1EXPL: 0CVE-2020-24632
https://notcve.org/view.php?id=CVE-2020-24632
26 Oct 2020 — A remote execution of arbitrary commandss vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. Se detectó una vulnerabilidad de ejecución remota de comandos arbitrarios en Aruba Airwave Software versión(es): Anteriores a 1.3.2 • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04051en_us •
CVSS: 9.0EPSS: 4%CPEs: 1EXPL: 0CVE-2020-24631
https://notcve.org/view.php?id=CVE-2020-24631
26 Oct 2020 — A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. Se detectó una vulnerabilidad de ejecución remota de comandos arbitrarios en Aruba Airwave Software versión(es): Anteriores a 1.3.2 • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04051en_us •
CVSS: 7.2EPSS: 2%CPEs: 1EXPL: 0CVE-2019-5326
https://notcve.org/view.php?id=CVE-2019-5326
27 Feb 2020 — An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component. Un usuario de aplicación administrativa o un usuario de aplicación con acceso de escritura en Aruba Airwave VisualRF es capaz de obtener una ejecución de código en la plataforma AMP. Esto es posible debido a la capacidad d... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 0CVE-2019-5323
https://notcve.org/view.php?id=CVE-2019-5323
27 Feb 2020 — There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host. Se presentan vulnerabilidades de inyección de comando presentes en la aplicación Airwave. Determinados campos de entrada controlados por un usuario administrativo no son saneados apropiadamente antes de ser analizados por Airwave. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 3CVE-2016-2032 – Aruba Authentication Bypass / Insecure Transport / Tons of Issues
https://notcve.org/view.php?id=CVE-2016-2032
06 May 2016 — A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672 Se presenta una vulnerabilidad en Aruba AirWave Management Platform versiones 8.x anteriores a 8.2, en la interfaz de administración de un componente de un sistema subyacente llamado RabbitMQ, lo que podría permitir a un usuario malicioso... • https://packetstorm.news/files/id/136997 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 3CVE-2016-2031 – Aruba Authentication Bypass / Insecure Transport / Tons of Issues
https://notcve.org/view.php?id=CVE-2016-2031
06 May 2016 — Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code. Se presentan múltiples vulnerabilidades en Aruba Instate versiones anteriores a 4.1.3.0 y 4.2.3.1, debido a una comprobación insuficiente de la entrada suministrada por el usuario y una ... • https://packetstorm.news/files/id/136997 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 0CVE-2014-8368
https://notcve.org/view.php?id=CVE-2014-8368
25 Nov 2014 — The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors. La interfaz web en Aruba Networks AirWave anterior a 7.7.14 y 8.x anterior a 8.0.5 permite a usuarios remotos autenticados ganar privilegios y ejecutar código arbitrario a través de vectores no especificados. • http://secunia.com/advisories/62578 • CWE-264: Permissions, Privileges, and Access Controls •