{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T20:53:21.994","vulnerabilities":[{"cve":{"id":"CVE-2020-24641","sourceIdentifier":"security-alert@hpe.com","published":"2021-01-15T19:15:13.703","lastModified":"2024-11-21T05:15:19.760","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative access on the web administrative interface."},{"lang":"es","value":"En Aruba AirWave Glass versiones anteriores a 1.3.3, Se presenta una vulnerabilidad de tipo Server-Side Request Forgery por medio de un endpoint no autenticado que, si se explotaba con éxito, puede resultar en una divulgación de información confidencial.&#xa0;Esto puede ser usado para llevar a cabo una omisión de autenticación y, en última instancia, conseguir acceso administrativo en la interfaz web administrativa"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:arubanetworks:airwave_glass:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.3","matchCriteriaId":"D5440D98-25CE-48A1-8481-155B6C0CEBB0"}]}]}],"references":[{"url":"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-001.txt","source":"security-alert@hpe.com","tags":["Vendor Advisory"]},{"url":"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-001.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}