threat
engine
.sh
Back
·
··:··
Home
/
Product
/
arubanetworks airwave
Product
arubanetworks airwave
40 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-37163
< 8.3.0.5
A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform.
7.2
HIGH
CVE-2023-4896
<= 8.2.15.2
A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform w
6.8
MEDIUM
CVE-2015-2202
>= 7.0.0 and < 7.7.14.2
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS
7.2
HIGH
CVE-2015-2201
>= 7.0.0 and < 7.7.14.2
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrati
7.2
HIGH
CVE-2015-1391
>= 8.0.0.0 and < 8.0.7
Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism.
8.8
HIGH
CVE-2015-1390
>= 8.0.0.0 and < 8.0.7
Aruba AirWave before 8.0.7 allows XSS attacks agsinat an administrator.
6.1
MEDIUM
CVE-2022-37918
<= 8.2.15.0
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper
8.1
HIGH
CVE-2022-37917
<= 8.2.15.0
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper
8.1
HIGH
CVE-2022-37916
<= 8.2.15.0
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper
8.1
HIGH
CVE-2021-37715
< 8.2.13.0
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.
4.8
MEDIUM
CVE-2021-29137
< 8.2.12.1
A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has
6.1
MEDIUM
CVE-2021-25167
< 8.2.12.1
A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba
8.8
HIGH
CVE-2021-25166
< 8.2.12.1
A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba
8.8
HIGH
CVE-2021-25163
< 8.2.12.1
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba
8.1
HIGH
CVE-2021-25165
< 8.2.12.1
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba
8.1
HIGH
CVE-2021-25164
< 8.2.12.1
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba
6.5
MEDIUM
CVE-2021-25152
< 8.2.12.1
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1.
7.2
HIGH
CVE-2021-25154
< 8.2.12.1
A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. A
7.5
HIGH
CVE-2021-25153
< 8.2.12.1
A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has r
8.1
HIGH
CVE-2021-25151
< 8.2.12.1
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1.
8.8
HIGH
CVE-2021-25147
< 8.2.12.1
A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8
8.1
HIGH
CVE-2021-26971
< 8.2.12.0
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): P
6.3
MEDIUM
CVE-2021-26970
< 8.2.12.0
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): P
6.3
MEDIUM
CVE-2021-26969
< 8.2.12.0
A remote authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform v
6.5
MEDIUM
CVE-2021-26968
< 8.2.12.0
A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version
4.8
MEDIUM
CVE-2021-26967
< 8.2.12.0
A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior
6.1
MEDIUM
CVE-2021-26966
< 8.2.12.0
A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12
6.5
MEDIUM
CVE-2021-26965
< 8.2.12.0
A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12
6.5
MEDIUM
CVE-2021-26964
< 8.2.12.0
A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to
7.1
HIGH
CVE-2021-26963
< 8.2.12.0
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): P
7.2
HIGH
CVE-2021-26962
< 8.2.12.0
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): P
7.2
HIGH
CVE-2021-26961
< 8.2.12.0
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform versi
8.8
HIGH
CVE-2021-26960
< 8.2.12.0
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform versi
8.8
HIGH
CVE-2019-5326
>= 8.0.0 and < 8.2.10.1
An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execu
7.2
HIGH
CVE-2019-5323
>= 8.0.0 and < 8.2.10.1
There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrati
7.2
HIGH
CVE-2016-2032
< 8.2.0.0
A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying syst
7.5
HIGH
CVE-2016-2031
< 8.2.0.0
Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input
9.8
CRITICAL
CVE-2016-8527
< 8.2.3.1
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerab
6.1
MEDIUM
CVE-2016-8526
< 8.2.3.1
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to pe
8.8
HIGH
CVE-2014-8368
>= 7.7.0 and < 7.7.14
The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privilege
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin