CVE-2016-8526: XEE
First published: Mon Aug 06 2018(Updated: )
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can be used as an attack vector. Because the XML parser has access to the local filesystem and runs with the permissions of the web server, it can access any file that is readable by the web server and copy it to an external system of the attacker's choosing. This could include files that contain passwords, which could then lead to privilege escalation.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hp Airwave | <8.2.3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2016-8526?
CVE-2016-8526 is a vulnerability in Aruba Airwave that allows XML external entity (XXE) attacks.
What is the severity of CVE-2016-8526?
The severity of CVE-2016-8526 is high (8.8).
How does CVE-2016-8526 affect Aruba Airwave?
CVE-2016-8526 affects all versions of Aruba Airwave up to, but not including, 8.2.3.1 and allows for XXE attacks.
How can I fix CVE-2016-8526?
To fix CVE-2016-8526, it is recommended to upgrade Aruba Airwave to version 8.2.3.1 or later.
Where can I find more information about CVE-2016-8526?
More information about CVE-2016-8526 can be found at the following references: [link1], [link2], [link3].
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/type
- agent/tags
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/hp
- canonical/hp airwave