Vulnerabilities > Arubanetworks > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-26 | CVE-2020-7126 | Server-Side Request Forgery (SSRF) vulnerability in Arubanetworks Airwave Glass 1.2.1/1.3.0/1.3.1 A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | 5.8 |
| 2020-09-04 | CVE-2020-7119 | Unspecified vulnerability in Arubanetworks Analytics and Location Engine A vulnerability exists in the Aruba Analytics and Location Engine (ALE) web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily modify files as an underlying privileged operating system user. | 4.9 |
| 2020-08-26 | CVE-2019-5320 | Cross-site Scripting vulnerability in Arubanetworks products Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Cross Site Scripting in the web UI, leading to injection of code. | 6.1 |
| 2020-04-16 | CVE-2020-7113 | Unspecified vulnerability in Arubanetworks Clearpass A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of some of ClearPass' service accounts. | 4.9 |
| 2020-04-16 | CVE-2020-7110 | Cross-site Scripting vulnerability in Arubanetworks Clearpass ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed resulting in a privilege escalation attack. | 4.8 |
| 2019-09-13 | CVE-2019-5314 | Injection vulnerability in Arubanetworks Arubaos Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. | 6.1 |
| 2019-05-10 | CVE-2018-7064 | Cross-site Scripting vulnerability in multiple products A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. | 6.1 |
| 2018-02-27 | CVE-2018-0489 | Improper Verification of Cryptographic Signature vulnerability in multiple products Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. | 6.5 |
| 2017-12-13 | CVE-2017-13099 | Information Exposure Through Discrepancy vulnerability in multiple products wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. | 5.9 |