Vulnerabilities > Arubanetworks

DATE CVE VULNERABILITY TITLE RISK
2020-09-04 CVE-2020-7119 Unspecified vulnerability in Arubanetworks Analytics and Location Engine
A vulnerability exists in the Aruba Analytics and Location Engine (ALE) web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily modify files as an underlying privileged operating system user.
network
low complexity
arubanetworks
4.9
2020-08-26 CVE-2019-5321 Unspecified vulnerability in Arubanetworks products
Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Remote Unauthorized Access in the WebUI.
network
low complexity
arubanetworks
8.8
2020-08-26 CVE-2019-5320 Cross-site Scripting vulnerability in Arubanetworks products
Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Cross Site Scripting in the web UI, leading to injection of code.
network
low complexity
arubanetworks CWE-79
6.1
2020-06-03 CVE-2020-7117 Unspecified vulnerability in Arubanetworks Clearpass Policy Manager
The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution.
network
low complexity
arubanetworks
7.2
2020-06-03 CVE-2020-7116 Unspecified vulnerability in Arubanetworks Clearpass Policy Manager
The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution.
network
low complexity
arubanetworks
7.2
2020-06-03 CVE-2020-7115 Missing Authentication for Critical Function vulnerability in Arubanetworks Clearpass Policy Manager
The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass.
network
low complexity
arubanetworks CWE-306
critical
9.8
2020-04-16 CVE-2020-7114 Missing Authentication for Critical Function vulnerability in Arubanetworks Clearpass
A vulnerability exists allowing attackers, when present in the same network segment as ClearPass' management interface, to make changes to certain databases in ClearPass by crafting HTTP packets.
network
low complexity
arubanetworks CWE-306
critical
9.8
2020-04-16 CVE-2020-7113 Unspecified vulnerability in Arubanetworks Clearpass
A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of some of ClearPass' service accounts.
network
low complexity
arubanetworks
4.9
2020-04-16 CVE-2020-7111 Injection vulnerability in Arubanetworks Clearpass
A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass.
network
low complexity
arubanetworks CWE-74
7.2
2020-04-16 CVE-2020-7110 Cross-site Scripting vulnerability in Arubanetworks Clearpass
ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed resulting in a privilege escalation attack.
network
low complexity
arubanetworks CWE-79
4.8