CVE-2019-5314
MEDIUMArubaOS < 6.4.4.20 - HTTP Response Splitting and Reflected Cross-Site Scripting via URL Parameters
Title source: llmDescription
Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt
Scores
CVSS v3
6.1
EPSS
0.0030
EPSS Percentile
53.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-74
Status
published
Products (1)
arubanetworks/arubaos
< 6.4.4.20
Published
Sep 13, 2019
Tracked Since
Feb 18, 2026