Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2021-AVI-292
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Aruba. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | ClearPass versions 6.7.x antérieures à 6.7.14-HF1 | ||
| N/A | N/A | ClearPass versions 6.8.x antérieures à 6.8.9 | ||
| HPE Aruba Networking | AirWave Management Platform | AirWave Management Platform versions antérieures à 8.2.12.1 | ||
| N/A | N/A | ClearPass versions 6.9.x antérieures à 6.9.5 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ClearPass versions 6.7.x ant\u00e9rieures \u00e0 6.7.14-HF1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "ClearPass versions 6.8.x ant\u00e9rieures \u00e0 6.8.9",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "AirWave Management Platform versions ant\u00e9rieures \u00e0 8.2.12.1",
"product": {
"name": "AirWave Management Platform",
"vendor": {
"name": "HPE Aruba Networking",
"scada": false
}
}
},
{
"description": "ClearPass versions 6.9.x ant\u00e9rieures \u00e0 6.9.5",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-25165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25165"
},
{
"name": "CVE-2021-25151",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25151"
},
{
"name": "CVE-2020-7123",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7123"
},
{
"name": "CVE-2021-25164",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25164"
},
{
"name": "CVE-2021-29145",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29145"
},
{
"name": "CVE-2021-29142",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29142"
},
{
"name": "CVE-2021-29139",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29139"
},
{
"name": "CVE-2021-29146",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29146"
},
{
"name": "CVE-2021-29137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29137"
},
{
"name": "CVE-2021-29140",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29140"
},
{
"name": "CVE-2021-25154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25154"
},
{
"name": "CVE-2021-25166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25166"
},
{
"name": "CVE-2021-25167",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25167"
},
{
"name": "CVE-2021-29138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29138"
},
{
"name": "CVE-2021-29144",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29144"
},
{
"name": "CVE-2021-25152",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25152"
},
{
"name": "CVE-2021-25147",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25147"
},
{
"name": "CVE-2021-29147",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29147"
},
{
"name": "CVE-2021-25163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25163"
},
{
"name": "CVE-2021-29141",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29141"
},
{
"name": "CVE-2021-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25153"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-292",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-04-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Aruba.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Aruba",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Aruba ARUBA-PSA-2021-009 du 20 avril 2021",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Aruba ARUBA-PSA-2021-010 du 20 avril 2021",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
]
}
CVE-2021-25153 (GCVE-0-2021-25153)
Vulnerability from cvelistv5 – Published: 2021-04-28 18:52 – Updated: 2024-08-03 19:56
VLAI?
EPSS
Summary
A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote sql injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba AirWave Management Platform |
Affected:
Prior to 8.2.12.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba AirWave Management Platform",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.2.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote sql injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-28T18:52:37",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba AirWave Management Platform",
"version": {
"version_data": [
{
"version_value": "Prior to 8.2.12.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote sql injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25153",
"datePublished": "2021-04-28T18:52:37",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25164 (GCVE-0-2021-25164)
Vulnerability from cvelistv5 – Published: 2021-04-28 19:37 – Updated: 2024-08-03 19:56
VLAI?
EPSS
Summary
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote xml external entity
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba AirWave Management Platform |
Affected:
Prior to 8.2.12.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba AirWave Management Platform",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.2.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote xml external entity",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-28T19:37:22",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba AirWave Management Platform",
"version": {
"version_data": [
{
"version_value": "Prior to 8.2.12.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote xml external entity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25164",
"datePublished": "2021-04-28T19:37:22",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29140 (GCVE-0-2021-29140)
Vulnerability from cvelistv5 – Published: 2021-04-29 12:19 – Updated: 2024-08-03 22:02
VLAI?
EPSS
Summary
A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote xml external entity (xxe)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:50.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote xml external entity (xxe)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T12:19:12",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote xml external entity (xxe)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29140",
"datePublished": "2021-04-29T12:19:12",
"dateReserved": "2021-03-24T00:00:00",
"dateUpdated": "2024-08-03T22:02:50.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29137 (GCVE-0-2021-29137)
Vulnerability from cvelistv5 – Published: 2021-04-29 11:10 – Updated: 2024-08-03 22:02
VLAI?
EPSS
Summary
A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote url redirection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba AirWave Management Platform |
Affected:
Prior to 8.2.12.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:50.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba AirWave Management Platform",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.2.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote url redirection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T11:10:12",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba AirWave Management Platform",
"version": {
"version_data": [
{
"version_value": "Prior to 8.2.12.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote url redirection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29137",
"datePublished": "2021-04-29T11:10:12",
"dateReserved": "2021-03-24T00:00:00",
"dateUpdated": "2024-08-03T22:02:50.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25165 (GCVE-0-2021-25165)
Vulnerability from cvelistv5 – Published: 2021-04-28 19:56 – Updated: 2024-08-03 19:56
VLAI?
EPSS
Summary
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote xml external entity
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba AirWave Management Platform |
Affected:
Prior to 8.2.12.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba AirWave Management Platform",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.2.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote xml external entity",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-28T19:56:26",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba AirWave Management Platform",
"version": {
"version_data": [
{
"version_value": "Prior to 8.2.12.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote xml external entity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25165",
"datePublished": "2021-04-28T19:56:26",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25154 (GCVE-0-2021-25154)
Vulnerability from cvelistv5 – Published: 2021-04-28 18:32 – Updated: 2024-08-03 19:56
VLAI?
EPSS
Summary
A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote escalation of privilege
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba AirWave Management Platform |
Affected:
Prior to 8.2.12.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba AirWave Management Platform",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.2.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote escalation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-28T18:32:38",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba AirWave Management Platform",
"version": {
"version_data": [
{
"version_value": "Prior to 8.2.12.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote escalation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25154",
"datePublished": "2021-04-28T18:32:38",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7123 (GCVE-0-2020-7123)
Vulnerability from cvelistv5 – Published: 2021-04-28 14:04 – Updated: 2024-08-04 09:18
VLAI?
EPSS
Summary
A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- local escalation of privilege
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:03.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local escalation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-28T14:04:33",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2020-7123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local escalation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2020-7123",
"datePublished": "2021-04-28T14:04:33",
"dateReserved": "2020-01-16T00:00:00",
"dateUpdated": "2024-08-04T09:18:03.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25151 (GCVE-0-2021-25151)
Vulnerability from cvelistv5 – Published: 2021-04-28 18:18 – Updated: 2024-08-03 19:56
VLAI?
EPSS
Summary
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote insecure deserialization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba AirWave Management Platform |
Affected:
Prior to 8.2.12.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba AirWave Management Platform",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.2.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote insecure deserialization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-28T18:18:26",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba AirWave Management Platform",
"version": {
"version_data": [
{
"version_value": "Prior to 8.2.12.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote insecure deserialization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25151",
"datePublished": "2021-04-28T18:18:26",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25167 (GCVE-0-2021-25167)
Vulnerability from cvelistv5 – Published: 2021-04-29 11:00 – Updated: 2024-08-03 19:56
VLAI?
EPSS
Summary
A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote unauthorized access
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba AirWave Management Platform |
Affected:
Prior to 8.2.12.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba AirWave Management Platform",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.2.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote unauthorized access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T11:00:28",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba AirWave Management Platform",
"version": {
"version_data": [
{
"version_value": "Prior to 8.2.12.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote unauthorized access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25167",
"datePublished": "2021-04-29T11:00:28",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29147 (GCVE-0-2021-29147)
Vulnerability from cvelistv5 – Published: 2021-04-29 11:58 – Updated: 2024-08-03 22:02
VLAI?
EPSS
Summary
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote arbitray command execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:51.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitray command execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T11:58:09",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitray command execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29147",
"datePublished": "2021-04-29T11:58:09",
"dateReserved": "2021-03-24T00:00:00",
"dateUpdated": "2024-08-03T22:02:51.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25152 (GCVE-0-2021-25152)
Vulnerability from cvelistv5 – Published: 2021-04-28 19:18 – Updated: 2024-08-03 19:56
VLAI?
EPSS
Summary
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote insecure deserialization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba AirWave Management Platform |
Affected:
Prior to 8.2.12.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba AirWave Management Platform",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.2.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote insecure deserialization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-28T19:18:51",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba AirWave Management Platform",
"version": {
"version_data": [
{
"version_value": "Prior to 8.2.12.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote insecure deserialization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25152",
"datePublished": "2021-04-28T19:18:51",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25147 (GCVE-0-2021-25147)
Vulnerability from cvelistv5 – Published: 2021-04-28 14:15 – Updated: 2024-08-03 19:56
VLAI?
EPSS
Summary
A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote authentication restriction bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba AirWave Management Platform |
Affected:
Prior to 8.2.12.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba AirWave Management Platform",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.2.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote authentication restriction bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-28T14:15:27",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba AirWave Management Platform",
"version": {
"version_data": [
{
"version_value": "Prior to 8.2.12.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote authentication restriction bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25147",
"datePublished": "2021-04-28T14:15:27",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29139 (GCVE-0-2021-29139)
Vulnerability from cvelistv5 – Published: 2021-04-29 13:16 – Updated: 2024-08-03 22:02
VLAI?
EPSS
Summary
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote cross site scripting (xss)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:51.036Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote cross site scripting (xss)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T13:16:56",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote cross site scripting (xss)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29139",
"datePublished": "2021-04-29T13:16:56",
"dateReserved": "2021-03-24T00:00:00",
"dateUpdated": "2024-08-03T22:02:51.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29138 (GCVE-0-2021-29138)
Vulnerability from cvelistv5 – Published: 2021-04-29 12:25 – Updated: 2024-08-03 22:02
VLAI?
EPSS
Summary
A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote disclosure of privileged information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:50.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote disclosure of privileged information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T12:25:07",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote disclosure of privileged information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29138",
"datePublished": "2021-04-29T12:25:07",
"dateReserved": "2021-03-24T00:00:00",
"dateUpdated": "2024-08-03T22:02:50.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29142 (GCVE-0-2021-29142)
Vulnerability from cvelistv5 – Published: 2021-04-29 12:08 – Updated: 2024-08-03 22:02
VLAI?
EPSS
Summary
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote cross site scripting (xss)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:50.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote cross site scripting (xss)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T12:08:56",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote cross site scripting (xss)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29142",
"datePublished": "2021-04-29T12:08:56",
"dateReserved": "2021-03-24T00:00:00",
"dateUpdated": "2024-08-03T22:02:50.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25163 (GCVE-0-2021-25163)
Vulnerability from cvelistv5 – Published: 2021-04-29 10:45 – Updated: 2024-08-03 19:56
VLAI?
EPSS
Summary
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote xml external entity
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba AirWave Management Platform |
Affected:
Prior to 8.2.12.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba AirWave Management Platform",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.2.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote xml external entity",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T10:45:38",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba AirWave Management Platform",
"version": {
"version_data": [
{
"version_value": "Prior to 8.2.12.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote xml external entity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25163",
"datePublished": "2021-04-29T10:45:38",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29146 (GCVE-0-2021-29146)
Vulnerability from cvelistv5 – Published: 2021-04-29 11:21 – Updated: 2024-08-03 22:02
VLAI?
EPSS
Summary
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote cross site scripting (xss)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:50.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote cross site scripting (xss)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T11:21:28",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote cross site scripting (xss)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29146",
"datePublished": "2021-04-29T11:21:28",
"dateReserved": "2021-03-24T00:00:00",
"dateUpdated": "2024-08-03T22:02:50.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29145 (GCVE-0-2021-29145)
Vulnerability from cvelistv5 – Published: 2021-04-29 11:31 – Updated: 2024-08-03 22:02
VLAI?
EPSS
Summary
A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote server side request forgery (ssrf), remote code execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:50.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote server side request forgery (ssrf), remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T11:31:10",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote server side request forgery (ssrf), remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29145",
"datePublished": "2021-04-29T11:31:10",
"dateReserved": "2021-03-24T00:00:00",
"dateUpdated": "2024-08-03T22:02:50.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29144 (GCVE-0-2021-29144)
Vulnerability from cvelistv5 – Published: 2021-04-29 11:52 – Updated: 2024-08-03 22:02
VLAI?
EPSS
Summary
A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote disclosure of sensitive information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:50.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote disclosure of sensitive information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T11:52:26",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote disclosure of sensitive information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29144",
"datePublished": "2021-04-29T11:52:27",
"dateReserved": "2021-03-24T00:00:00",
"dateUpdated": "2024-08-03T22:02:50.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29141 (GCVE-0-2021-29141)
Vulnerability from cvelistv5 – Published: 2021-04-29 13:30 – Updated: 2024-08-03 22:02
VLAI?
EPSS
Summary
A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote disclosure of sensitive information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:50.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote disclosure of sensitive information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T13:30:59",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote disclosure of sensitive information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29141",
"datePublished": "2021-04-29T13:30:59",
"dateReserved": "2021-03-24T00:00:00",
"dateUpdated": "2024-08-03T22:02:50.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25166 (GCVE-0-2021-25166)
Vulnerability from cvelistv5 – Published: 2021-04-29 10:52 – Updated: 2024-08-03 19:56
VLAI?
EPSS
Summary
A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote unauthorized access
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba AirWave Management Platform |
Affected:
Prior to 8.2.12.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba AirWave Management Platform",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.2.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote unauthorized access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T10:52:15",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba AirWave Management Platform",
"version": {
"version_data": [
{
"version_value": "Prior to 8.2.12.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote unauthorized access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25166",
"datePublished": "2021-04-29T10:52:15",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…