Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2272

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-2272
Last Modified 05 Sep 2008 05:39:57
Published 16 May 2008 08:54:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2272

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.5.x, 2.5.6.x, 3.1.1.x, 3.2.0.x, and 3.3.1.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Systems

Application

  • Aruba Networks Aruba Mobility Controller 2.4.8

  • Aruba Networks Aruba Mobility Controller 2.5.5

  • Aruba Networks Aruba Mobility Controller 2.5.6

  • Aruba Networks Aruba Mobility Controller 3.1.1

  • Aruba Networks Aruba Mobility Controller 3.2.0

  • Aruba Networks Aruba Mobility Controller 3.3.1


References

XF - aruba-webui-xss(42433)

SECTRACK - 1020033

BID - 29240

BUGTRAQ - 20080515 Aruba Mobility Controller TACACS User Authentication and Cross Site Scripting Vulnerabilities (Aruba Advisory ID: AID-051408)

CONFIRM - http://www.arubanetworks.com/support/alerts/aid-051408.asc

SECUNIA - 30262


Last Updated: 27 May 2016 10:47:48