Show filters
54 Total Results
Displaying 31-40 of 54
Sort by:
Attacker Value
Unknown

CVE-2021-26960

Disclosure Date: March 05, 2021 (last updated February 22, 2025)
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user.
Attacker Value
Unknown

CVE-2021-26961

Disclosure Date: March 05, 2021 (last updated February 22, 2025)
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user.
Attacker Value
Unknown

CVE-2021-26962

Disclosure Date: March 05, 2021 (last updated February 22, 2025)
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise.
Attacker Value
Unknown

CVE-2020-24640

Disclosure Date: January 15, 2021 (last updated November 28, 2024)
There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system.
Attacker Value
Unknown

CVE-2020-24639

Disclosure Date: January 15, 2021 (last updated February 22, 2025)
There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system.
Attacker Value
Unknown

CVE-2020-24638

Disclosure Date: January 15, 2021 (last updated November 28, 2024)
Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the glassadmin cli. These allow for a user with glassadmin privileges to execute arbitrary code as root on the underlying host operating system.
Attacker Value
Unknown

CVE-2020-24641

Disclosure Date: January 15, 2021 (last updated February 22, 2025)
In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative access on the web administrative interface.
Attacker Value
Unknown

CVE-2020-7129

Disclosure Date: November 04, 2020 (last updated November 28, 2024)
A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
Attacker Value
Unknown

CVE-2020-7128

Disclosure Date: November 04, 2020 (last updated February 22, 2025)
A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
Attacker Value
Unknown

CVE-2020-7124

Disclosure Date: October 26, 2020 (last updated November 28, 2024)
A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.