CVE-2021-26965

Name of the Vulnerable Software and Affected Versions: Aruba AirWave Management Platform versions prior to 8.2.12.0

Description: A remote authenticated SQL injection issue was discovered in the API of Aruba AirWave Management Platform. This allows an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance, potentially obtaining and modifying sensitive information in the underlying database.

Recommendations: For versions prior to 8.2.12.0, update to version 8.2.12.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the API to minimize the risk of exploitation.