How severe is CVE-2016-8526?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2016-8526?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2016-8526 - HIGH Severity | CVSS 8.8

Vulnerability Description

Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can be used as an attack vector. Because the XML parser has access to the local filesystem and runs with the permissions of the web server, it can access any file that is readable by the web server and copy it to an external system of the attacker's choosing. This could include files that contain passwords, which could then lead to privilege escalation.

Related Vulnerabilities

CVE-2010-3322

HIGH

CVSS:8.8(High)

The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors.

CWE-6112010

CVE-2014-0225

HIGH

CVSS:8.8(High)

When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references ...

CWE-6112014

CVE-2014-2296

HIGH

CVSS:8.8(High)

XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remo...

CWE-6112014

CVE-2016-5851

HIGH

CVSS:8.8(High)

python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document.

CWE-6112016

CVE-2017-1000021

HIGH

CVSS:8.8(High)

LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents.

CWE-6112017

CVE-2017-1000496

HIGH

CVSS:8.8(High)

Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code.

CWE-6112017