Main Vulnerability Database SB20231017155

SB20231017155 - Information disclosure in HPE Aruba AirWave Management Platform

Published: October 17, 2023 Updated: April 17, 2025

Security Bulletin ID SB20231017155

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2023-4896)

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote user can gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server.

Remediation

Install update from vendor's website.

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-015.txt