CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26965
https://notcve.org/view.php?id=CVE-2021-26965
A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database. Se detectó una vulnerabilidad de inyección SQL autenticada remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0. Múltiples vulnerabilidades en la API de AirWave podrían permitir a un atacante remoto autenticado conducir ataques de inyección SQL contra la instancia de AirWave. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26966
https://notcve.org/view.php?id=CVE-2021-26966
A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database. Se detectó una vulnerabilidad de inyección SQL autenticada remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0. Múltiples vulnerabilidades en la API de AirWave podrían permitir a un atacante remoto autenticado conducir ataques de inyección SQL contra la instancia de AirWave. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26963
https://notcve.org/view.php?id=CVE-2021-26963
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise. Se detectó una vulnerabilidad de ejecución de comandos arbitraria autenticada remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0. Unas vulnerabilidades en la CLI de AirWave podrían permitir a usuarios autenticados remoto ejecutar comandos arbitrarios en el host subyacente. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26964
https://notcve.org/view.php?id=CVE-2021-26964
A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of an attacker using a lower privileged account to change management user or device details. This could allow the attacker to escalate privileges and/or change network details that they should not have access to. Se detectó una vulnerabilidad de omisión de restricción de autenticación remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26960
https://notcve.org/view.php?id=CVE-2021-26960
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. Se detectó una vulnerabilidad de cross-site request forgery (csrf) no autenticada remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0. Una vulnerabilidad en la interfaz de administración basada en web de AirWave podría permitir a un atacante remoto no autenticado conducir un ataque CSRF contra un sistema vulnerable. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt • CWE-352: Cross-Site Request Forgery (CSRF) •