cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-4896,https://securityvulnerability.io/vulnerability/CVE-2023-4896,Authenticated Disclosure of Sensitive Information in AirWave Management Platform,A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server.,HP,Aruba Airwave Management Platform,6.8,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2023-10-17T20:15:00.000Z,0
CVE-2015-1391,https://securityvulnerability.io/vulnerability/CVE-2015-1391,CSRF Bypass in Aruba AirWave by Aruba Networks,"A serious security vulnerability exists in Aruba AirWave that allows an attacker to bypass the CSRF protection mechanism, potentially enabling unauthorized actions on behalf of legitimate users. This flaw affects versions of the software prior to 8.0.7 and poses a risk as it may permit attackers to interact with the application's backend without proper authorization.",HP,Airwave,8.8,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-09-05T00:00:00.000Z,0
CVE-2015-2201,https://securityvulnerability.io/vulnerability/CVE-2015-2201,Remote OS Command Execution Vulnerability in Aruba AirWave,"Aruba AirWave versions prior to 7.7.14.2 and 8.x below 8.0.7 are susceptible to a vulnerability that allows administrative users to execute remote OS commands, leading to unauthorized access and potential file disclosure. This issue can jeopardize the security of the network management system and its data. It is crucial for users to upgrade to the latest versions to mitigate associated risks.",HP,Airwave,7.2,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2023-09-05T00:00:00.000Z,0
CVE-2015-1390,https://securityvulnerability.io/vulnerability/CVE-2015-1390,Cross-Site Scripting Vulnerability in Aruba AirWave Management Software,"Aruba AirWave versions prior to 8.0.7 contain a vulnerability that permits attackers to execute cross-site scripting (XSS) attacks against an administrator. This flaw can allow the insertion of malicious scripts into web pages viewed by the affected user, potentially leading to sessions hijacking and unauthorized access to sensitive information. It is crucial for administrators using Aruba AirWave to apply the necessary patches and updates to mitigate this risk.",HP,Airwave,6.1,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2023-09-05T00:00:00.000Z,0
CVE-2015-2202,https://securityvulnerability.io/vulnerability/CVE-2015-2202,Privilege Escalation Vulnerability in Aruba AirWave by Aruba Networks,"A privilege escalation vulnerability exists in Aruba AirWave that allows administrative users to gain root access on the underlying operating system. This defect is present in versions before 7.7.14.2 and 8.0.7, posing a significant risk of unauthorized control and access to sensitive system resources.",HP,Airwave,7.2,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2023-09-05T00:00:00.000Z,0
CVE-2016-8526,https://securityvulnerability.io/vulnerability/CVE-2016-8526,,"Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can be used as an attack vector. Because the XML parser has access to the local filesystem and runs with the permissions of the web server, it can access any file that is readable by the web server and copy it to an external system of the attacker's choosing. This could include files that contain passwords, which could then lead to privilege escalation.",HP,Aruba Airwave,8.8,HIGH,0.005379999987781048,false,,false,false,false,,,false,false,,2018-08-06T20:00:00.000Z,0
CVE-2016-8527,https://securityvulnerability.io/vulnerability/CVE-2016-8527,,"Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into AirWave in the same browser.",HP,Aruba Airwave,6.1,MEDIUM,0.005530000198632479,false,,false,false,false,,,false,false,,2018-08-06T20:00:00.000Z,0
CVE-2017-8946,https://securityvulnerability.io/vulnerability/CVE-2017-8946,,A Remote Code Execution vulnerability in HPE Aruba AirWave Glass version v1.0.0 and 1.0.1 was found.,HP,Aruba Airwave Glass,8.3,HIGH,0.005890000145882368,false,,false,false,false,,,false,false,,2018-02-15T22:29:00.000Z,0