CVE-2021-25164

MEDIUM

Aruba AirWave < 8.2.12.1 - XML External Entity Injection

Title source: llm

Description

A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt

Scores

CVSS v3 6.5

EPSS 0.0109

EPSS Percentile 78.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

Details

CWE

CWE-611

Status published

Products (1)

arubanetworks/airwave < 8.2.12.1

Published Apr 28, 2021

Tracked Since Feb 18, 2026