CVE-2021-26966

Published Mar 5, 2021

Last updated 4 years ago

Overview

Description
A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database.
Source
security-alert@hpe.com
NVD status
Analyzed

Social media

Hype score
Not currently trending

Risk scores

CVSS 3.1

Type
Primary
Base score
6.5
Impact score
5.2
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Severity
MEDIUM

CVSS 2.0

Type
Primary
Base score
5.5
Impact score
4.9
Exploitability score
8
Vector string
AV:N/AC:L/Au:S/C:P/I:P/A:N

Weaknesses

nvd@nist.gov
CWE-89

Configurations