Vulnerabilities > Arubanetworks
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-23 | CVE-2021-26682 | Cross-site Scripting vulnerability in Arubanetworks Clearpass Policy Manager A remote reflected cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. | 6.1 |
| 2021-02-23 | CVE-2021-26681 | OS Command Injection vulnerability in Arubanetworks Clearpass Policy Manager A remote authenticated command Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. | 7.2 |
| 2021-02-23 | CVE-2021-26678 | Cross-site Scripting vulnerability in Arubanetworks Clearpass Policy Manager A remote unauthenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. | 6.1 |
| 2021-02-23 | CVE-2021-26685 | SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. | 6.5 |
| 2021-02-09 | CVE-2021-25141 | A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. | 4.4 |
| 2021-01-15 | CVE-2020-24641 | Server-Side Request Forgery (SSRF) vulnerability in Arubanetworks Airwave Glass In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. | 7.5 |
| 2021-01-15 | CVE-2020-24640 | Unspecified vulnerability in Arubanetworks Airwave Glass There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. | 9.8 |
| 2021-01-15 | CVE-2020-24639 | Deserialization of Untrusted Data vulnerability in Arubanetworks Airwave Glass There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. | 9.8 |
| 2021-01-15 | CVE-2020-24638 | Unspecified vulnerability in Arubanetworks Airwave Glass Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the glassadmin cli. | 7.2 |
| 2020-12-11 | CVE-2020-12149 | OS Command Injection vulnerability in Arubanetworks Edgeconnect Enterprise The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. | 6.8 |