Aruba AirWave Management Platform: Authenticated Remote SQL Injection Vulnerability

Aruba AirWave Management Platform: Authenticated Remote SQL Injection Vulnerability

CVE-2021-26965 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.