XML External Entity Vulnerability in Aruba Airwave
CVE-2016-8526

8.8HIGH

Key Information:

Vendor

HP
Status
Aruba Airwave
Vendor
CVE Published:
6 August 2018

What is CVE-2016-8526?

Aruba Airwave prior to version 8.2.3.1 is susceptible to an XML external entity (XXE) attack, allowing an attacker to control XML file contents. This can lead to unauthorized access to sensitive information on the local filesystem of the web server. Exploiting this vulnerability could enable attackers to extract files containing confidential data, such as passwords, potentially resulting in privilege escalation and further compromising system security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Aruba AirWave all versions up to, but not including, 8.2.3.1

References

http://www.securityfocus.com/bid/96495
vdb-entryx_refsource_BID
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-...
x_refsource_CONFIRM
https://www.exploit-db.com/exploits/41482/
exploitx_refsource_EXPLOIT-DB

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.