CVE-2016-8526

Name of the Vulnerable Software and Affected Versions Aruba Airwave versions up to, but not including, 8.2.3.1

Description The issue allows an unprivileged user to control the contents of XML files, which can be used as an attack vector. This is due to the XML parser's ability to access storage on external systems through XML external entities (XXE). As the XML parser runs with the permissions of the web server and has access to the local filesystem, it can access any file readable by the web server and copy it to an external system chosen by the attacker. This could include files containing passwords, potentially leading to privilege escalation.

Recommendations For Aruba Airwave versions up to, but not including, 8.2.3.1, update to version 8.2.3.1 or later to resolve the issue.