By Eduard Kovacs on March 01, 2017
HPE-owned network access solutions provider Aruba has patched XML external entity (XXE) and cross-site scripting (XSS) vulnerabilities in its AirWave network management platform.
The vulnerabilities were reported to Aruba by Pichaya Morimoto of SEC Consult and independently by two other researchers. Both weaknesses affect AirWave’s VisualRF component.
The XXE flaw, tracked as CVE-2016-8526, allows a low-privileged user to read files on the system, including ones that could include passwords, which could lead to privilege escalation.
Full Article
Take a look at the best antivirus, anti-malware, anti-spy, etc. software
Powered by WPeMatico