Every CVE whose affected-product data names Arubanetworks Airwave, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (36)
CVE-2016-2031 — CVSS 9.8 (critical): Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and…
CVE-2014-8368 — CVSS 9.0 (critical): The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and…
CVE-2021-26961 — CVSS 8.8 (high): A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s)…
CVE-2021-25151 — CVSS 8.8 (high): A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has…
CVE-2021-25166 — CVSS 8.8 (high): A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has…
CVE-2021-25167 — CVSS 8.8 (high): A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has…
CVE-2021-26960 — CVSS 8.8 (high): A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s)…
CVE-2022-37918 — CVSS 8.1 (high): Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access…
CVE-2022-37917 — CVSS 8.1 (high): Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access…
CVE-2021-25153 — CVSS 8.1 (high): A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released…
CVE-2021-25147 — CVSS 8.1 (high): A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1…
CVE-2021-25165 — CVSS 8.1 (high): A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has…
CVE-2021-25163 — CVSS 8.1 (high): A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has…
CVE-2022-37916 — CVSS 8.1 (high): Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access…
CVE-2021-25154 — CVSS 7.5 (high): A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has…
CVE-2016-2032 — CVSS 7.5 (high): A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system…
CVE-2019-5326 — CVSS 7.2 (high): An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on…
CVE-2021-25152 — CVSS 7.2 (high): A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has…
CVE-2025-37163 — CVSS 7.2 (high): A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An…
CVE-2015-2201 — CVSS 7.2 (high): Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users.
CVE-2021-26962 — CVSS 7.2 (high): A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to…
CVE-2021-26963 — CVSS 7.2 (high): A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to…
CVE-2015-2202 — CVSS 7.2 (high): Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS.
CVE-2019-5323 — CVSS 7.2 (high): There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user…
CVE-2021-26964 — CVSS 7.1 (high): A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0…
CVE-2023-4896 — CVSS 6.8 (medium): A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based…
CVE-2021-25164 — CVSS 6.5 (medium): A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has…
CVE-2021-26969 — CVSS 6.5 (medium): A remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform…
CVE-2021-26966 — CVSS 6.5 (medium): A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0…
CVE-2021-26965 — CVSS 6.5 (medium): A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0…
CVE-2021-26971 — CVSS 6.3 (medium): A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to…
CVE-2021-26970 — CVSS 6.3 (medium): A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to…
CVE-2021-26967 — CVSS 6.1 (medium): A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to…
CVE-2021-29137 — CVSS 6.1 (medium): A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released…
CVE-2021-37715 — CVSS 4.8 (medium): A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0. Aruba…
CVE-2021-26968 — CVSS 4.8 (medium): A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s)…