Vulnerabilities > Arubanetworks > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-02-23 CVE-2020-7120 Classic Buffer Overflow vulnerability in Arubanetworks Clearpass Policy Manager
A local authenticated buffer overflow vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1.
local
low complexity
arubanetworks CWE-120
5.3
2021-02-23 CVE-2021-26686 SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager
A remote authenticated SQL Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1.
network
low complexity
arubanetworks CWE-89
6.5
2021-02-23 CVE-2021-26682 Cross-site Scripting vulnerability in Arubanetworks Clearpass Policy Manager
A remote reflected cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1.
network
low complexity
arubanetworks CWE-79
6.1
2021-02-23 CVE-2021-26678 Cross-site Scripting vulnerability in Arubanetworks Clearpass Policy Manager
A remote unauthenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1.
network
low complexity
arubanetworks CWE-79
6.1
2021-02-23 CVE-2021-26685 SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager
A remote authenticated SQL Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1.
network
low complexity
arubanetworks CWE-89
6.5
2021-02-09 CVE-2021-25141 A security vulnerability has been identified in certain HPE and Aruba L2/L3 switch firmware.
local
low complexity
arubanetworks hpe
4.4
2020-12-11 CVE-2020-12149 OS Command Injection vulnerability in Arubanetworks Edgeconnect Enterprise
The configuration backup/restore function in Silver Peak Unity ECOS™ (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input.
network
low complexity
arubanetworks CWE-78
6.8
2020-12-11 CVE-2020-12148 OS Command Injection vulnerability in Arubanetworks Edgeconnect Enterprise
A command injection flaw identified in the nslookup API in Silver Peak Unity ECOS™ (ECOS) appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance.
network
low complexity
arubanetworks CWE-78
6.8
2020-10-26 CVE-2020-7126 Server-Side Request Forgery (SSRF) vulnerability in Arubanetworks Airwave Glass 1.2.1/1.3.0/1.3.1
A remote server-side request forgery (SSRF) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
network
low complexity
arubanetworks CWE-918
5.8
2020-09-04 CVE-2020-7119 Unspecified vulnerability in Arubanetworks Analytics and Location Engine
A vulnerability exists in the Aruba Analytics and Location Engine (ALE) web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily modify files as an underlying privileged operating system user.
network
low complexity
arubanetworks
4.9