CVE-2022-37917 Broken Access Control for some Web-based Management URLs in AirWave Management Platform

2022-12-0800:00:00

hpe

www.cve.org

cve-2022-37917

airwave management platform

access control

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

43.2%

JSON

Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Aruba AirWave Management Platform",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "8.2.15.0 and below"
      }
    ]
  }
]

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-019.txt