Описание
A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
EPSS
6.5 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
Связанные уязвимости
A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database.
EPSS
6.5 Medium
CVSS3
5.5 Medium
CVSS2