Vulnerabilities > Arubanetworks > Aruba Instant > 8.4.0.0

DATE CVE VULNERABILITY TITLE RISK
2019-05-10 CVE-2018-7084 OS Command Injection vulnerability in multiple products
A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system.
network
low complexity
arubanetworks siemens CWE-78
critical
 9.8
9.8
2019-05-10 CVE-2018-7064 Cross-site Scripting vulnerability in multiple products
A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface.
network
low complexity
arubanetworks siemens CWE-79
6.1
6.1
2019-05-10 CVE-2018-7082 OS Command Injection vulnerability in multiple products
A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system.
network
low complexity
arubanetworks siemens CWE-78
7.2
7.2