Vulnerabilities > Arubanetworks > Aruba Instant > 4.2.3.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-31 | CVE-2016-2032 | Improper Authentication vulnerability in Arubanetworks Airwave Network Management, Aruba Instant and Arubaos A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. | 5.0 |
| 2020-01-31 | CVE-2016-2031 | Improper Input Validation vulnerability in multiple products Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code. | 9.8 |
| 2019-05-10 | CVE-2018-7084 | OS Command Injection vulnerability in multiple products A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. | 9.8 |
| 2019-05-10 | CVE-2018-7064 | Cross-site Scripting vulnerability in multiple products A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. | 4.3 |
| 2019-05-10 | CVE-2018-7083 | Information Exposure vulnerability in multiple products If a process running within Aruba Instant crashes, it may leave behind a "core dump", which contains the memory contents of the process at the time it crashed. | 5.0 |
| 2019-05-10 | CVE-2018-7082 | OS Command Injection vulnerability in multiple products A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. | 7.2 |