First published: Fri Mar 05 2021(Updated: )
A remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Due to improper restrictions on XML entities a vulnerability exists in the web-based management interface of AirWave. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition.
Credit: security-alert@hpe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arubanetworks Airwave | <8.2.12.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability identifier for this vulnerability is CVE-2021-26969.
The severity of CVE-2021-26969 is medium with a severity value of 6.5.
The affected software for CVE-2021-26969 is Aruba AirWave Management Platform version(s) prior to 8.2.12.0.
CVE-2021-26969 is a remote authenticated xml external entity (xxe) vulnerability in the web-based management interface of Aruba AirWave Management Platform.
To fix CVE-2021-26969, it is recommended to update to version 8.2.12.0 or later of Aruba AirWave Management Platform.