CVE-2021-26969

Name of the Vulnerable Software and Affected Versions: Aruba AirWave Management Platform versions prior to 8.2.12.0

Description: A remote authenticated XML External Entity (XXE) issue was discovered in the web-based management interface of the platform. This is due to improper restrictions on XML entities. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition.

Recommendations: For versions prior to 8.2.12.0, update to version 8.2.12.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation.