Hewlett packard enterprise (HPE) has released updates to the AirWave Management Platform that address authentication bypass (CVE-2021-3156) and remote cross-site scripting (XSS - CVE-2021-37715) security vulnerabilities. HPE confirmed that the flaws affected the AirWave management platform prior to version 8.2.13.0. HPE also provided a workaround for HPE AirWave customers.

More information on vulnerabilities and update is available in the Hewlett packard enterprise (HPE) security advisory – hpe.com.