Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Aruba_instant
(Arubanetworks)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 12 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-05-10 | CVE-2018-7064 | A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. An attacker could use this vulnerability to trick an IAP administrator into clicking a link which could then take administrative actions on the Instant cluster, or expose the session cookie for an administrative session. Workaround: Administrators should make sure they log out of the Aruba Instant UI when not actively managing the system, and should use caution clicking links... | Aruba_instant, Scalance_w1750d_firmware | 6.1 | ||
| 2019-05-10 | CVE-2018-7083 | If a process running within Aruba Instant crashes, it may leave behind a "core dump", which contains the memory contents of the process at the time it crashed. It was discovered that core dumps are stored in a way that unauthenticated users can access them through the Aruba Instant web interface. Core dumps could contain sensitive information such as keys and passwords. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant... | Aruba_instant, Scalance_w1750d_firmware | 7.5 |