6 matches found
CVE-2016-8527
Aruba AirWave (VisualRF) before version 8.2.3.1 is affected by CVE-2016-8527, a reflected XSS vulnerability. An attacker can exploit a malicious link to trick a logged-in AirWave admin into clicking it, potentially leaking session cookies or passwords. Root cause is a reflected XSS in the VisualR...
CVE-2016-8526
Aruba AirWave is affected by CVE-2016-8526 (XXE) in all versions up to 8.2.3.1. The vulnerability arises from an XML External Entity injection that allows an XML processor with access to the local filesystem (running with web server permissions) to read files and potentially exfiltrate password-c...
CVE-2015-2202
Aruba AirWave is affected by CVE-2015-2202. Versions affected: Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7. The issue allows administrative users to escalate privileges to root on the underlying OS. The root cause is a privilege-escalation flaw within the AirWave software. Remediation: upg...
CVE-2015-1390
Aruba AirWave before 8.0.7 is affected by a Cross-Site Scripting (XSS) vulnerability in the administrator-facing web interface. The root cause is described as a lack of protection for the web page structure, enabling a remote attacker to perform client-side script injections through the admin UI....
CVE-2015-1391
CVE-2015-1391 affects Aruba AirWave versions prior to 8.0.7. The issue is a bypass of CSRF protection, enabling potential unauthorized actions within the affected interface. NVD notes a CVSS v3.1 base score of 8.8 (HIGH) with network attack vector, no privileges required, and user interaction req...
CVE-2015-2201
Aruba AirWave contains a vulnerability in VisualRF that permits remote OS command execution and file disclosure by administrative users in affected releases. Affected versions are Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7. The issue is triggered through VisualRF components and could lead...