Reflected Cross-Site Scripting Vulnerability in Aruba AirWave
CVE-2016-8527

6.1MEDIUM

Key Information:

Vendor

HP
Status
Aruba Airwave
Vendor
CVE Published:
6 August 2018

What is CVE-2016-8527?

The Aruba AirWave platform has a vulnerability in its VisualRF component that allows for reflected cross-site scripting (XSS). This weakness can be exploited by attackers who can trick an authenticated administrative user into clicking on a specially crafted link. By doing so, the attacker gains access to sensitive information such as session cookies or passwords stored in the browser. This points to a significant risk for organizations using AirWave, as it underscores the importance of secure practices while navigating administrative interfaces.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Aruba AirWave all versions up to, but not including, 8.2.3.1

References

http://www.securityfocus.com/bid/96495
vdb-entryx_refsource_BID
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-...
x_refsource_CONFIRM
https://www.exploit-db.com/exploits/41482/
exploitx_refsource_EXPLOIT-DB

EPSS Score

59% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.