Vulnerabilities > HP > Airwave > 8.0.0.0

DATE CVE VULNERABILITY TITLE RISK
2023-09-05 CVE-2015-1390 Cross-site Scripting vulnerability in HP Airwave
Aruba AirWave before 8.0.7 allows XSS attacks agsinat an administrator.
network
low complexity
hp CWE-79
6.1
6.1
2023-09-05 CVE-2015-1391 Cross-Site Request Forgery (CSRF) vulnerability in HP Airwave
Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism.
network
low complexity
hp CWE-352
8.8
8.8
2023-09-05 CVE-2015-2201 OS Command Injection vulnerability in multiple products
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users.
network
low complexity
hp arubanetworks CWE-78
7.2
7.2
2023-09-05 CVE-2015-2202 Improper Input Validation vulnerability in multiple products
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS.
network
low complexity
hp arubanetworks CWE-20
7.2
7.2
2018-08-06 CVE-2016-8527 Cross-site Scripting vulnerability in HP Airwave
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS).
network
hp CWE-79
4.3
4.3
2018-08-06 CVE-2016-8526 XXE vulnerability in HP Airwave
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE).
network
low complexity
hp CWE-611
4.0
4.0