Filtered by vendor Arubanetworks
Total: 476 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-7064 | 2 Arubanetworks, Siemens | 3 Aruba Instant, Scalance W1750d, Scalance W1750d Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. An attacker could use this vulnerability to trick an IAP administrator into clicking a link which could then take administrative actions on the Instant cluster, or expose the session cookie for an administrative session. Workaround: Administrators should make sure they log out of the Aruba Instant UI when not actively managing the system, and should use caution clicking links from external sources while logged into the IAP administrative interface. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0 | |||||
CVE-2018-7063 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
In Aruba ClearPass, disabled API admins can still perform read/write operations. In certain circumstances, API admins in ClearPass which have been disabled may still be able to perform read/write operations on parts of the XML API. This can lead to unauthorized access to the API and complete compromise of the ClearPass instance if an attacker knows of the existence of these accounts. | |||||
CVE-2018-7060 | 1 Arubanetworks | 1 Clearpass | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. An attacker could manipulate an authenticated user into performing actions on the web administrative interface. | |||||
CVE-2018-16417 | 2 Arubanetworks, Siemens | 3 Instant, W1750d, W1750d Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows command injection. | |||||
CVE-2018-0489 | 3 Arubanetworks, Debian, Shibboleth | 3 Clearpass, Debian Linux, Xmltooling-c | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486. | |||||
CVE-2016-4401 | 1 Arubanetworks | 1 Clearpass | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials. | |||||
CVE-2016-2032 | 1 Arubanetworks | 3 Airwave, Aruba Instant, Arubaos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP ports 15672 and 55672. | |||||
CVE-2016-2031 | 2 Arubanetworks, Siemens | 5 Airwave, Aruba Instant, Arubaos and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Multiple vulnerabilities exist in Aruba Instant before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code. | |||||
CVE-2015-2202 | 2 Arubanetworks, Hp | 2 Airwave, Airwave | 2024-11-21 | N/A | 7.2 HIGH |
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS. | |||||
CVE-2015-2201 | 2 Arubanetworks, Hp | 2 Airwave, Airwave | 2024-11-21 | N/A | 7.2 HIGH |
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users. | |||||
CVE-2014-2592 | 1 Arubanetworks | 1 Web Management Portal | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | |||||
CVE-2014-2071 | 1 Arubanetworks | 1 Clearpass | 2024-11-21 | 4.9 MEDIUM | 7.1 HIGH |
Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method. | |||||
CVE-2024-42400 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2024-08-23 | N/A | 5.3 MEDIUM |
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. | |||||
CVE-2024-42395 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2024-08-12 | N/A | 9.8 CRITICAL |
There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | |||||
CVE-2024-42394 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2024-08-12 | N/A | 9.8 CRITICAL |
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | |||||
CVE-2024-42393 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2024-08-12 | N/A | 9.8 CRITICAL |
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. |