exploitDog

CVE-2022-37916

Опубликовано: 08 дек. 2022

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.

Ссылки

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-019.txt
Mitigation
Vendor Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-019.txt
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*

Версия до 8.2.15.0 (включая)

EPSS

Процентиль: 45%

0.00225

Низкий

8.1 High

CVSS3

Дефекты

NVD-CWE-Other

CWE-284

Связанные уязвимости

GHSA-4w4g-w5xw-9p3m

CVSS3: 8.1

github

около 3 лет назад

Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.

EPSS

Процентиль: 45%

0.00225

Низкий

8.1 High

CVSS3

Дефекты

NVD-CWE-Other

CWE-284