Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities by aruba
CVE-2023-44983 (GCVE-0-2023-44983)
Vulnerability from cvelistv5 – Published: 2023-12-19 15:29 – Updated: 2026-04-28 16:08
VLAI
Title
WordPress Aruba HiSpeed Cache Plugin <= 2.0.6 is vulnerable to Sensitive Data Exposure
Summary
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aruba.It Aruba HiSpeed Cache.This issue affects Aruba HiSpeed Cache: from n/a through 2.0.6.
Severity
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/aru… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Aruba.it | Aruba HiSpeed Cache |
Affected:
n/a , ≤ 2.0.6
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:07:33.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/aruba-hispeed-cache/wordpress-aruba-hispeed-cache-plugin-2-0-6-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "aruba-hispeed-cache",
"product": "Aruba HiSpeed Cache",
"vendor": "Aruba.it",
"versions": [
{
"changes": [
{
"at": "2.0.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.0.6",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Joshua Chan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aruba.It Aruba HiSpeed Cache.\u003cp\u003eThis issue affects Aruba HiSpeed Cache: from n/a through 2.0.6.\u003c/p\u003e"
}
],
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aruba.It Aruba HiSpeed Cache.This issue affects Aruba HiSpeed Cache: from n/a through 2.0.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:40.755Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/aruba-hispeed-cache/wordpress-aruba-hispeed-cache-plugin-2-0-6-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u00a02.0.7 or a higher version."
}
],
"value": "Update to\u00a02.0.7 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Aruba HiSpeed Cache Plugin \u003c= 2.0.6 is vulnerable to Sensitive Data Exposure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-44983",
"datePublished": "2023-12-19T15:29:33.268Z",
"dateReserved": "2023-10-02T09:38:08.906Z",
"dateUpdated": "2026-04-28T16:08:40.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-34618 (GCVE-0-2021-34618)
Vulnerability from cvelistv5 – Published: 2021-07-19 19:38 – Updated: 2024-08-04 00:19
VLAI
Summary
A remote denial of service (DoS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.4.x: All versions; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
Severity
No CVSS data available.
CWE
- remote denial of service (DoS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Aruba Instant Access Points |
Affected:
Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below
Affected: Aruba Instant 6.5.x: 6.5.4.18 and below Affected: Aruba Instant 8.3.x: 8.3.0.14 and below Affected: Aruba Instant 8.4.x: All versions Affected: Aruba Instant 8.5.x: 8.5.0.11 and below Affected: Aruba Instant 8.6.x: 8.6.0.7 and below Affected: Aruba Instant 8.7.x: 8.7.1.1 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:47.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.4.x: All versions"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.7 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.1.1 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote denial of service (DoS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.4.x: All versions; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote denial of service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-19T19:38:57.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-34618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"version_value": "Aruba Instant 8.4.x: All versions"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.7 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.1.1 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote denial of service (DoS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.4.x: All versions; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote denial of service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-34618",
"datePublished": "2021-07-19T19:38:57.000Z",
"dateReserved": "2021-06-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:19:47.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34617 (GCVE-0-2021-34617)
Vulnerability from cvelistv5 – Published: 2021-07-19 19:33 – Updated: 2024-08-04 00:19
VLAI
Summary
A remote cross-site scripting (XSS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.13 and below; Aruba Instant 6.5.x: 6.5.4.13 and below; Aruba Instant 8.3.x: 8.3.0.7 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
Severity
No CVSS data available.
CWE
- remote cross-site scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Aruba Instant Access Points |
Affected:
Aruba Instant 6.4.x: 6.4.4.8-4.2.4.13 and below
Affected: Aruba Instant 6.5.x: 6.5.4.13 and below Affected: Aruba Instant 8.3.x: 8.3.0.7 and below Affected: Aruba Instant 8.4.x: 8.4.0.5 and below Affected: Aruba Instant 8.5.x: 8.5.0.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:47.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.13 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.13 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.7 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.4.x: 8.4.0.5 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote cross-site scripting (XSS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.13 and below; Aruba Instant 6.5.x: 6.5.4.13 and below; Aruba Instant 8.3.x: 8.3.0.7 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-19T19:33:57.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-34617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.13 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.13 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.7 and below"
},
{
"version_value": "Aruba Instant 8.4.x: 8.4.0.5 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.0 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote cross-site scripting (XSS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.13 and below; Aruba Instant 6.5.x: 6.5.4.13 and below; Aruba Instant 8.3.x: 8.3.0.7 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote cross-site scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-34617",
"datePublished": "2021-07-19T19:33:57.000Z",
"dateReserved": "2021-06-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:19:47.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4023 (GCVE-0-2007-4023)
Vulnerability from cvelistv5 – Published: 2007-07-26 19:00 – Updated: 2024-08-07 14:37
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/680449 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/25059 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2007/2646 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/26192 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securitytracker.com/id?1018457 | vdb-entryx_refsource_SECTRACK |
| http://osvdb.org/36469 | vdb-entryx_refsource_OSVDB |
| http://www.arubanetworks.com/support/alerts/aid-0… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-07-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:06.036Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#680449",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/680449"
},
{
"name": "25059",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25059"
},
{
"name": "ADV-2007-2646",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2646"
},
{
"name": "26192",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26192"
},
{
"name": "1018457",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018457"
},
{
"name": "36469",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36469"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/support/alerts/aid-070907b.asc"
},
{
"name": "aruba-mobility-login-xss(35605)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35605"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#680449",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/680449"
},
{
"name": "25059",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25059"
},
{
"name": "ADV-2007-2646",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2646"
},
{
"name": "26192",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26192"
},
{
"name": "1018457",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018457"
},
{
"name": "36469",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36469"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/support/alerts/aid-070907b.asc"
},
{
"name": "aruba-mobility-login-xss(35605)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35605"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#680449",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/680449"
},
{
"name": "25059",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25059"
},
{
"name": "ADV-2007-2646",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2646"
},
{
"name": "26192",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26192"
},
{
"name": "1018457",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018457"
},
{
"name": "36469",
"refsource": "OSVDB",
"url": "http://osvdb.org/36469"
},
{
"name": "http://www.arubanetworks.com/support/alerts/aid-070907b.asc",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/support/alerts/aid-070907b.asc"
},
{
"name": "aruba-mobility-login-xss(35605)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35605"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4023",
"datePublished": "2007-07-26T19:00:00.000Z",
"dateReserved": "2007-07-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:37:06.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0931 (GCVE-0-2007-0931)
Vulnerability from cvelistv5 – Published: 2007-02-14 11:00 – Updated: 2024-08-07 12:34
VLAI
Summary
Heap-based buffer overflow in the management interfaces in (1) Aruba Mobility Controllers 200, 800, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via long credential strings.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/459928/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.kb.cert.org/vuls/id/319913 | third-party-advisoryx_refsource_CERT-VN |
| http://secunia.com/advisories/24144 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/22538 | vdb-entryx_refsource_BID |
| http://osvdb.org/33184 | vdb-entryx_refsource_OSVDB |
| http://securityreason.com/securityalert/2244 | third-party-advisoryx_refsource_SREASON |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
Date Public
2007-02-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070213 Aruba Mobility Controller Management Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/459928/100/0/threaded"
},
{
"name": "VU#319913",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/319913"
},
{
"name": "24144",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24144"
},
{
"name": "aruba-management-interface-bo(32459)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32459"
},
{
"name": "22538",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22538"
},
{
"name": "33184",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33184"
},
{
"name": "2244",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2244"
},
{
"name": "20070213 Aruba Mobility Controller Management Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052380.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the management interfaces in (1) Aruba Mobility Controllers 200, 800, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via long credential strings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070213 Aruba Mobility Controller Management Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/459928/100/0/threaded"
},
{
"name": "VU#319913",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/319913"
},
{
"name": "24144",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24144"
},
{
"name": "aruba-management-interface-bo(32459)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32459"
},
{
"name": "22538",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22538"
},
{
"name": "33184",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33184"
},
{
"name": "2244",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2244"
},
{
"name": "20070213 Aruba Mobility Controller Management Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052380.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the management interfaces in (1) Aruba Mobility Controllers 200, 800, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via long credential strings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070213 Aruba Mobility Controller Management Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459928/100/0/threaded"
},
{
"name": "VU#319913",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/319913"
},
{
"name": "24144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24144"
},
{
"name": "aruba-management-interface-bo(32459)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32459"
},
{
"name": "22538",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22538"
},
{
"name": "33184",
"refsource": "OSVDB",
"url": "http://osvdb.org/33184"
},
{
"name": "2244",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2244"
},
{
"name": "20070213 Aruba Mobility Controller Management Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052380.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0931",
"datePublished": "2007-02-14T11:00:00.000Z",
"dateReserved": "2007-02-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:34:21.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0932 (GCVE-0-2007-0932)
Vulnerability from cvelistv5 – Published: 2007-02-14 11:00 – Updated: 2024-08-07 12:34
VLAI
Summary
The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://osvdb.org/33185 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/459927/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/24144 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/2243 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/22538 | vdb-entryx_refsource_BID |
| http://www.kb.cert.org/vuls/id/613833 | third-party-advisoryx_refsource_CERT-VN |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-02-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33185",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33185"
},
{
"name": "20070213 Aruba Networks - Unauthorized Administrative and WLAN Access through Guest Account",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/459927/100/0/threaded"
},
{
"name": "24144",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24144"
},
{
"name": "2243",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2243"
},
{
"name": "22538",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22538"
},
{
"name": "VU#613833",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/613833"
},
{
"name": "20070213 Aruba Networks - Unauthorized Administrative and WLAN Access through Guest Account",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052382.html"
},
{
"name": "aruba-guestaccount-privilege-escalation(32461)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32461"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33185",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33185"
},
{
"name": "20070213 Aruba Networks - Unauthorized Administrative and WLAN Access through Guest Account",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/459927/100/0/threaded"
},
{
"name": "24144",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24144"
},
{
"name": "2243",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2243"
},
{
"name": "22538",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22538"
},
{
"name": "VU#613833",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/613833"
},
{
"name": "20070213 Aruba Networks - Unauthorized Administrative and WLAN Access through Guest Account",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052382.html"
},
{
"name": "aruba-guestaccount-privilege-escalation(32461)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32461"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33185",
"refsource": "OSVDB",
"url": "http://osvdb.org/33185"
},
{
"name": "20070213 Aruba Networks - Unauthorized Administrative and WLAN Access through Guest Account",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459927/100/0/threaded"
},
{
"name": "24144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24144"
},
{
"name": "2243",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2243"
},
{
"name": "22538",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22538"
},
{
"name": "VU#613833",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/613833"
},
{
"name": "20070213 Aruba Networks - Unauthorized Administrative and WLAN Access through Guest Account",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052382.html"
},
{
"name": "aruba-guestaccount-privilege-escalation(32461)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32461"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0932",
"datePublished": "2007-02-14T11:00:00.000Z",
"dateReserved": "2007-02-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:34:21.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}