CVE-2016-8527: CVE-2016-8527

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2016-8527

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into AirWave in the same browser.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Aruba AirWave Management Platform 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Aruba AirWave是美国安移通网络（Aruba）公司的一套适用于多供应商管理系统的网络管理软件。该软件具备端到端监控能力，可改善网络操作和管理RF安全性，以及提供实时监控、主动报警和历史数据报告等功能。VisualRF是其中的一个射频组件。 Aruba AirWave 8.2.3.1之前的版本中的VisualRF组件存在跨站脚本漏洞。攻击者可通过诱使用户点击恶意链接利用该漏洞获取敏感信息（包括会话cookies或密码）。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Hewlett Packard Enterprise	Aruba AirWave	all versions up to, but not including, 8.2.3.1	-

II. Public POCs for CVE-2016-8527

#	POC Description	Source Link	Shenlong Link
1	Aruba Airwave before version 8.2.3.1 is vulnerable to reflected cross-site scripting.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2016/CVE-2016-8527.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2016-8527

Please Login to view more intelligence information

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-001.txtx_refsource_CONFIRM
http://www.securityfocus.com/bid/96495vdb-entryx_refsource_BID
https://www.exploit-db.com/exploits/41482/exploitx_refsource_EXPLOIT-DB
https://nvd.nist.gov/vuln/detail/CVE-2016-8527

New Vulnerabilities

Product: Aruba AirWave

CVE-2016-8526
Aruba AirWave Management Platform 安全漏洞

Vendor: Hewlett Packard Enterprise

V. Comments for CVE-2016-8527

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2016-8527

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2016-8527

III. Intelligence Information for CVE-2016-8527

New Vulnerabilities

V. Comments for CVE-2016-8527

Leave a comment