In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative access on the web administrative interface.
References
Link | Resource |
---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-001.txt | Vendor Advisory |
Configurations
History
21 Jan 2021, 16:27
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-001.txt - Vendor Advisory | |
CPE | cpe:2.3:a:arubanetworks:airwave_glass:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-918 |
15 Jan 2021, 19:45
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-15 19:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-24641
Mitre link : CVE-2020-24641
CVE.ORG link : CVE-2020-24641
JSON object : View
Products Affected
arubanetworks
- airwave_glass