CVE-2021-26966

Name of the Vulnerable Software and Affected Versions: Aruba AirWave Management Platform versions prior to 8.2.12.0

Description: A remote authenticated SQL injection issue was discovered in the API of AirWave, allowing an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. This could enable an attacker to obtain and modify sensitive information in the underlying database.

Recommendations: For versions prior to 8.2.12.0, update to version 8.2.12.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the AirWave API to minimize the risk of exploitation.