Vulnerabilities > Arubanetworks > Airwave Glass > 1.3.2

DATE CVE VULNERABILITY TITLE RISK
2021-01-15 CVE-2020-24641 Server-Side Request Forgery (SSRF) vulnerability in Arubanetworks Airwave Glass
In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information.
network
low complexity
arubanetworks CWE-918
5.0
5.0
2021-01-15 CVE-2020-24640 Unspecified vulnerability in Arubanetworks Airwave Glass
There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3.
network
low complexity
arubanetworks
critical
 10.0
10
2021-01-15 CVE-2020-24639 Deserialization of Untrusted Data vulnerability in Arubanetworks Airwave Glass
There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3.
network
low complexity
arubanetworks CWE-502
critical
 10.0
10
2021-01-15 CVE-2020-24638 Unspecified vulnerability in Arubanetworks Airwave Glass
Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the glassadmin cli.
network
low complexity
arubanetworks
critical
 9.0
9.0