CVE-2021-26965
MEDIUMAruba AirWave < 8.2.12.0 - Authenticated SQL Injection
Title source: llmDescription
A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt
Scores
CVSS v3
6.5
EPSS
0.0021
EPSS Percentile
43.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-89
Status
published
Products (1)
arubanetworks/airwave
< 8.2.12.0
Published
Mar 05, 2021
Tracked Since
Feb 18, 2026