Vulnerabilities > Arubanetworks

DATE CVE VULNERABILITY TITLE RISK
2020-08-26 CVE-2019-5320 Cross-site Scripting vulnerability in Arubanetworks products
Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Cross Site Scripting in the web UI, leading to injection of code.
4.3
2020-06-03 CVE-2020-7117 Unspecified vulnerability in Arubanetworks Clearpass Policy Manager
The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution.
network
low complexity
arubanetworks
critical
9.0
2020-06-03 CVE-2020-7116 Improper Input Validation vulnerability in Arubanetworks Clearpass Policy Manager
The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution.
network
low complexity
arubanetworks CWE-20
critical
9.0
2020-06-03 CVE-2020-7115 Missing Authentication for Critical Function vulnerability in Arubanetworks Clearpass Policy Manager
The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass.
network
low complexity
arubanetworks CWE-306
critical
9.8
2020-04-16 CVE-2020-7114 Missing Authentication for Critical Function vulnerability in Arubanetworks Clearpass
A vulnerability exists allowing attackers, when present in the same network segment as ClearPass' management interface, to make changes to certain databases in ClearPass by crafting HTTP packets.
network
low complexity
arubanetworks CWE-306
7.5
2020-04-16 CVE-2020-7113 Information Exposure vulnerability in Arubanetworks Clearpass
A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of some of ClearPass' service accounts.
network
low complexity
arubanetworks CWE-200
4.0
2020-04-16 CVE-2020-7111 Injection vulnerability in Arubanetworks Clearpass
A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass.
network
low complexity
arubanetworks CWE-74
6.5
2020-04-16 CVE-2020-7110 Cross-site Scripting vulnerability in Arubanetworks Clearpass
ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed resulting in a privilege escalation attack.
3.5
2020-02-27 CVE-2019-5326 Deserialization of Untrusted Data vulnerability in Arubanetworks Airwave
An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform.
network
low complexity
arubanetworks CWE-502
6.5
2020-02-27 CVE-2019-5323 Command Injection vulnerability in Arubanetworks Airwave
There are command injection vulnerabilities present in the AirWave application.
network
low complexity
arubanetworks CWE-77
6.5