CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26971
https://notcve.org/view.php?id=CVE-2021-26971
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise. Se detectó una vulnerabilidad de ejecución de comandos arbitraria autenticada remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0. Unas vulnerabilidades en la interfaz de administración basada en web de AirWave podrían permitir a usuarios autenticados remotos ejecutar comandos arbitrarios en el host subyacente. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26969
https://notcve.org/view.php?id=CVE-2021-26969
A remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Due to improper restrictions on XML entities a vulnerability exists in the web-based management interface of AirWave. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition. Se detectó una vulnerabilidad de xml external entity (xxe) autenticada remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0. Debido a restricciones inapropiadas en entidades XML, se presenta una vulnerabilidad en la interfaz de administración basada en web de AirWave. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26970
https://notcve.org/view.php?id=CVE-2021-26970
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise. Se detectó una vulnerabilidad de ejecución de comandos arbitraria autenticada remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0. Unas vulnerabilidades en la interfaz de administración basada en web de AirWave podrían permitir a usuarios autenticados remoto ejecutar comandos arbitrarios en el host subyacente. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26968
https://notcve.org/view.php?id=CVE-2021-26968
A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. Se detectó una vulnerabilidad autenticada remota de tipo cross-site scripting (xss) almacenado en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0. Una vulnerabilidad en la interfaz de administración basada en web de AirWave podría permitir a un atacante remoto autenticado conducir un ataque de tipo cross-site scripting (XSS) almacenado contra un usuario de la interfaz. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26967
https://notcve.org/view.php?id=CVE-2021-26967
A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of certain components of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the AirWave management interface. Se detectó una vulnerabilidad de tipo cross-site scripting (xss) reflejadas de forma remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0. Una vulnerabilidad en la interfaz de administración basada en web de AirWave podría permitir a un atacante remoto conducir un ataque de tipo cross-site scripting (XSS) reflejado contra un usuario de determinados componentes de la interfaz. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •