4.9

CVE-2026-44874

EPSS 0.03%
Veröffentlicht 12.05.2026 19:19:25
Zuletzt bearbeitet 15.05.2026 12:44:39
Quelle security-alert@hpe.com
CVE-Watchlists
Login
Unerledigt
Login

Authenticated Arbitrary File Download via AOS-10 Web-Based Management Interface

A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of confidential system information, potentially enabling further attacks against the affected device.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 3 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Arubanetworks ≫ Arubaos Version >= 10.4.0.0 < 10.4.1.11

Arubanetworks ≫ Arubaos Version >= 10.5.0.0 < 10.7.2.3

Arubanetworks ≫ Arubaos Version10.8.0.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.097

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-alert@hpe.com	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05048en_us&docLocale=en_US

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-44874

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-44874

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-44874

EUVD