Sven Blumenstein

Name of the Vulnerable Software and Affected Versions: Aruba Instate versions prior to 4.1.3.0 Aruba Instate versions prior to 4.2.3.1 Description: The issue is caused by insufficient validation of user-supplied input and insufficient checking of parameters. This could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions, and execute arbitrary code. Recommendations: For versions prior to 4.1.3.0, update to version 4.1.3.0 or later. For versions prior to 4.2.3.1, update to version 4.2.3.1 or later.

Name of the Vulnerable Software and Affected Versions: Aruba AirWave Management Platform versions prior to 8.2 Description: A vulnerability exists in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672. Recommendations: For versions prior to 8.2, update to version 8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the RabbitMQ management interface on TCP ports 15672 and 55672 until a patch is applied.