CVE-2019-5326
https://notcve.org/view.php?id=CVE-2019-5326
An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component. Un usuario de aplicación administrativa o un usuario de aplicación con acceso de escritura en Aruba Airwave VisualRF es capaz de obtener una ejecución de código en la plataforma AMP. Esto es posible debido a la capacidad de sobrescribir un archivo en el disco que posteriormente es deserializado por el componente de aplicación Java. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt • CWE-502: Deserialization of Untrusted Data •
CVE-2019-5323
https://notcve.org/view.php?id=CVE-2019-5323
There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host. Se presentan vulnerabilidades de inyección de comando presentes en la aplicación Airwave. Determinados campos de entrada controlados por un usuario administrativo no son saneados apropiadamente antes de ser analizados por Airwave. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2019-5322
https://notcve.org/view.php?id=CVE-2019-5322
A remotely exploitable information disclosure vulnerability is present in Aruba Intelligent Edge Switch models 5400, 3810, 2920, 2930, 2530 with GigT port, 2530 10/100 port, or 2540. The vulnerability impacts firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007 and 16.10.* before 16.10.0003. The vulnerability allows an attacker to retrieve sensitive system information. This attack can be carried out without user authentication under very specific conditions. Una vulnerabilidad de divulgación de información remotamente explotable está presente en Aruba Intelligent Edge Switch modelos 5400, 3810, 2920, 2930, 2530 con puerto GigT, puerto 2530 10/100 o 2540. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-001.txt •
CVE-2016-4401
https://notcve.org/view.php?id=CVE-2016-4401
Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials. Aruba ClearPass Policy Manager versiones anteriores a 6.5.7 y versiones 6.6.x anteriores a 6.6.2, permite a atacantes obtener credenciales de la base de datos. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-010.txt • CWE-522: Insufficiently Protected Credentials •
CVE-2018-16417
https://notcve.org/view.php?id=CVE-2018-16417
Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection. Aruba Instant versiones 4.x anteriores a la versión 6.4.4.8-4.2.4.12, versiones 6.5.x anteriores a la versión 6.5.4.11, versiones 8.3.x anteriores a 8.3.0.6 y versiones 8.4.x anteriores a la versión 8.4.0.1, permite una Inyección de Comandos. • http://www.securityfocus.com/bid/108374 https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf https://www.anquanke.com/vul/id/1652568 https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt https://www.us-cert.gov/ics/advisories/ICSA-19-134-07 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •