CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4896 – Authenticated Disclosure of Sensitive Information in AirWave Management Platform
https://notcve.org/view.php?id=CVE-2023-4896
17 Oct 2023 — A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server. Existe una vulnerabilidad que permite a un atacante autenticado acceder a información confidencial en la interfaz de administración basada en web de AirWave Management Platfo... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-015.txt •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1390
https://notcve.org/view.php?id=CVE-2015-1390
05 Sep 2023 — Aruba AirWave before 8.0.7 allows XSS attacks agsinat an administrator. Aruba AirWave anterior a 8.0.7 permite ataques XSS contra un administrador. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1391
https://notcve.org/view.php?id=CVE-2015-1391
05 Sep 2023 — Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism. Aruba AirWave antes de la versión 8.0.7 permite eludir un mecanismo de protección CSRF. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2201
https://notcve.org/view.php?id=CVE-2015-2201
05 Sep 2023 — Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users. Aruba AirWave anterior a 7.7.14.2 y 8.x y anterior a 8.0.7 permite la ejecución remota de comandos del sistema operativo VisualRF y la divulgación de archivos por parte de usuarios administrativos. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2202
https://notcve.org/view.php?id=CVE-2015-2202
05 Sep 2023 — Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS. Aruba AirWave antes de las versiones 7.7.14.2 y 8.x antes de 8.0.7 permite a los usuarios administrativos escalar privilegios a root en el sistema operativo subyacente. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt • CWE-20: Improper Input Validation •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-37916 – Broken Access Control for some Web-based Management URLs in AirWave Management Platform
https://notcve.org/view.php?id=CVE-2022-37916
08 Dec 2022 — Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. Existen vulnerabilidades en la interfaz de administración basada en web de AirWave Management Plat... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-019.txt •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-37917 – Broken Access Control for some Web-based Management URLs in AirWave Management Platform
https://notcve.org/view.php?id=CVE-2022-37917
08 Dec 2022 — Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. Existen vulnerabilidades en la interfaz de administración basada en web de AirWave Management Plat... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-019.txt •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-37918 – Broken Access Control for some Web-based Management URLs in AirWave Management Platform
https://notcve.org/view.php?id=CVE-2022-37918
08 Dec 2022 — Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. Existen vulnerabilidades en la interfaz de administración basada en web de AirWave Management Plat... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-019.txt •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-37715
https://notcve.org/view.php?id=CVE-2021-37715
26 Aug 2021 — A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0. Aruba has released upgrades for the Aruba AirWave Management Platform that address this security vulnerability. Se ha detectado una vulnerabilidad de tipo cross-site scripting (XSS) remota en Aruba AirWave Management Platform versiones: Anteriores a 8.2.13.0. Aruba ha publicado actualizaciones para Aruba AirWave Management Platform que solucionan esta vulnerabilidad de segurid... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-015.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29137
https://notcve.org/view.php?id=CVE-2021-29137
29 Apr 2021 — A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. Se detectó una vulnerabilidad de redireccionamiento abierto de una URL remota en Aruba AirWave Management Platform versiones anteriores a 8.2.12.1. Aruba ha publicado parches para AirWave Management Platform que abordan esta vulnerabilidad de seguridad • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •