Arubanetworks Security Vulnerabilities (CVEs)
Track 161 security vulnerabilities affecting Arubanetworks products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability allows authenticated remote attackers to perform SQL injection attacks on EdgeConnect SD-WAN Orchestrator's web management interfac...
Jan 14, 2026This SQL injection vulnerability in EdgeConnect SD-WAN Orchestrator's web management interface allows authenticated attackers to execute arbitrary SQL...
Jan 14, 2026This stored XSS vulnerability in EdgeConnect SD-WAN Orchestrator's web interface allows authenticated attackers to inject malicious scripts that execu...
Jan 14, 2026This vulnerability allows unauthenticated remote attackers to bypass multi-factor authentication requirements in an Orchestrator service, enabling the...
Jan 14, 2026This SQL injection vulnerability in EdgeConnect SD-WAN Orchestrator's web management interface allows authenticated attackers to execute arbitrary SQL...
Jan 14, 2026Multiple out-of-bounds read vulnerabilities in a system component that handles data buffers. Insufficient validation of buffer size values allows read...
Jan 13, 2026Authenticated command injection vulnerabilities in Aruba mobility conductors running AOS-8 allow attackers with valid credentials to execute arbitrary...
Jan 13, 2026Authenticated command injection vulnerabilities in Aruba mobility conductors running AOS-8 allow authenticated attackers to execute arbitrary commands...
Jan 13, 2026An authenticated attacker with valid credentials can exploit improper input handling in the web management interface of Aruba mobility conductors runn...
Jan 13, 2026This vulnerability allows authenticated attackers to write arbitrary files on mobility conductors running AOS-10 or AOS-8, potentially leading to remo...
Jan 13, 2026This vulnerability allows authenticated attackers to upload arbitrary files to mobility conductors running AOS-10 or AOS-8 operating systems. Successf...
Jan 13, 2026A command injection vulnerability in AOS-8 allows authenticated privileged users to inject shell commands by manipulating package headers. This could ...
Jan 13, 2026An arbitrary file deletion vulnerability in the command-line interface of Aruba mobility conductors running AOS-10 or AOS-8 allows authenticated remot...
Jan 13, 2026This CVE describes multiple out-of-bounds read vulnerabilities in a system component that handles data buffers. Insufficient validation of buffer size...
Jan 13, 2026An arbitrary file deletion vulnerability in Aruba mobility conductors running AOS-8 allows unauthenticated remote attackers to delete files on affecte...
Jan 13, 2026Authenticated command injection vulnerabilities in Aruba mobility conductors running AOS-8 allow attackers with valid credentials to execute arbitrary...
Jan 13, 2026A stack overflow vulnerability in the AOS-10 web management interface of HPE Mobility Gateway allows authenticated attackers to execute arbitrary code...
Jan 13, 2026An unauthenticated remote denial-of-service vulnerability in HPE web management interfaces allows attackers to crash affected systems, requiring manua...
Nov 18, 2025This vulnerability allows authenticated remote attackers to inject malicious commands through the device's command line interface, potentially executi...
Nov 18, 2025This CVE describes a command injection vulnerability in HPE Aruba Networking Airwave Platform's CLI that allows authenticated attackers to execute arb...
Nov 18, 2025This vulnerability allows authenticated attackers to download arbitrary files from AOS-10 GW and AOS-8 Controller/Mobility Conductor systems via the C...
Oct 14, 2025An authenticated attacker can download arbitrary files from AOS-10 GW and AOS-8 Controller/Mobility Conductor systems through the web management inter...
Oct 14, 2025This vulnerability allows authenticated attackers to download arbitrary files from affected Aruba networking devices through path traversal attacks. I...
Oct 14, 2025This vulnerability allows authenticated attackers to download arbitrary files from AOS-10 GW and AOS-8 Controller/Mobility Conductor systems through a...
Oct 14, 2025An authenticated command injection vulnerability in the CLI binary of AOS-8 Controller/Mobility Conductor allows attackers with valid credentials to e...
Oct 14, 2025This vulnerability allows authenticated remote attackers to delete arbitrary files on Aruba AOS-8 Controller/Mobility Conductor systems via the comman...
Oct 14, 2025This vulnerability allows authenticated remote attackers to delete arbitrary files on Aruba AOS-8 Controller/Mobility Conductor systems through the co...
Oct 14, 2025An authenticated command injection vulnerability in AOS-10 GW and AOS-8 Controllers/Mobility Conductor allows attackers with physical access to execut...
Oct 14, 2025This vulnerability allows authenticated attackers to download arbitrary files from AOS-10 GW and AOS-8 Controller/Mobility Conductor systems through t...
Oct 14, 2025This vulnerability allows authenticated attackers to download arbitrary files from AOS-10 GW and AOS-8 Controller/Mobility Conductor systems via CLI b...
Oct 14, 2025An authenticated attacker can upload arbitrary files to the web management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor systems, pot...
Oct 14, 2025An authenticated command injection vulnerability in the CLI binary of AOS-8 Controller/Mobility Conductor allows authenticated attackers to execute ar...
Oct 14, 2025This vulnerability in HPE Aruba ClearPass Policy Manager allows authenticated remote attackers to execute arbitrary commands on the underlying host wi...
Feb 4, 2025This vulnerability in HPE Aruba ClearPass Policy Manager allows authenticated high-privilege attackers to access sensitive directories through the web...
Feb 4, 2025An authenticated remote attacker can inject malicious scripts into the HPE Aruba Networking Fabric Composer web management interface, which then execu...
Jan 28, 2025This vulnerability allows authenticated attackers to inject malicious scripts into the HPE Aruba Networking Fabric Composer web interface, which then ...
Jan 28, 2025This CVE describes a privilege escalation vulnerability in HPE Aruba Networking Fabric Composer's web management interface. Authenticated low-privileg...
Jan 28, 2025An authenticated remote code execution vulnerability in ClearPass Policy Manager's web interface allows authenticated attackers to execute arbitrary c...
Dec 3, 2024This vulnerability in ClearPass Policy Manager's web interface allows authenticated remote attackers to execute arbitrary commands on the host system ...
Dec 3, 2024This vulnerability allows authenticated remote attackers to execute arbitrary commands on HPE Aruba ClearPass Policy Manager systems through the web m...
Dec 3, 2024Multiple unauthenticated Denial-of-Service vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Attackers can exploit these vul...
Aug 6, 2024Multiple unauthenticated Denial-of-Service vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation allows ...
Aug 6, 2024This vulnerability in the Soft AP Daemon Service allows unauthenticated remote attackers to execute arbitrary commands on affected systems, leading to...
Aug 6, 2024An authenticated SQL injection vulnerability in ClearPass Policy Manager's web management interface allows attackers to execute arbitrary SQL commands...
Jul 30, 2024An authenticated command injection vulnerability in HPE Aruba EdgeConnect SD-WAN gateways allows attackers with CLI access to execute arbitrary comman...
Jul 24, 2024A reflected cross-site scripting (XSS) vulnerability in the EdgeConnect SD-WAN Orchestrator web management interface allows remote attackers to execut...
Jul 24, 2024This stored XSS vulnerability in EdgeConnect SD-WAN Orchestrator's web management interface allows authenticated attackers to inject malicious scripts...
Jul 24, 2024This vulnerability allows authenticated remote attackers to conduct server-side prototype pollution attacks in EdgeConnect SD-WAN Orchestrator's web m...
Jul 24, 2024An authenticated sensitive information disclosure vulnerability in the CLI service accessed via PAPI protocol allows attackers to read arbitrary files...
May 14, 2024Unauthenticated attackers can cause Denial of Service (DoS) by exploiting vulnerabilities in the CLI service accessed via the PAPI protocol in Aruba/H...
May 14, 2024Why Monitor Arubanetworks Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 161+ known vulnerabilities affecting Arubanetworks products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Arubanetworks packages in under 60 seconds. No agents required - completely agentless scanning that works across Arubanetworks deployments.
Free vulnerability database: Access detailed information about every Arubanetworks CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Arubanetworks CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
