By Eduard Kovacs on March 01, 2017
HPE-owned network access solutions provider Aruba has patched XML external entity (XXE) and cross-site scripting (XSS) vulnerabilities in its AirWave network management platform.
The vulnerabilities were reported to Aruba by Pichaya Morimoto of SEC Consult and independently by two other researchers. Both weaknesses affect AirWave’s VisualRF component.
The XXE flaw, tracked as CVE-2016-8526, allows a low-privileged user to read files on the system, including ones that could include passwords, which could lead to privilege escalation.
Full Article
Aruba Patches Vulnerabilities in AirWave Product
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.