ByteOS Network

CVE Vulnerability Details :

CVE-2023-4896

PUBLISHED

More Info Official Page

Assigner-hpe

Assigner Org ID-eb103674-0d28-4225-80f8-39fb86215de0

Published At-17 Oct, 2023 | 19:01

Updated At-13 Sep, 2024 | 19:34

▼CVE Numbering Authority (CNA)

Authenticated Disclosure of Sensitive Information in AirWave Management Platform

A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server.

Affected Products

Vendor

Hewlett Packard Enterprise (HPE)

Product

Aruba AirWave Management Platform

Default Status

unaffected

Versions

Affected

8.3.0.1 and below
8.2.15.2 and below

Metrics

Version	Base score	Base severity	Vector
3.1	6.8	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Credits

reporter

1njected (bugcrowd.com/1njected)

References

Hyperlink	Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-015.txt	N/A

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-015.txt	x_transferred

2. CISA ADP Vulnrichment

Affected Products

Affected

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References