CVE-2023-25591

🗓️ 14 Mar 2023 14:49:52Reported by hpeType

A remote attacker with low privileges can access sensitive information in ClearPass Policy Manager

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2023-25591	27 Feb 202515:29	–	circl
CNNVD	Aruba Networks ClearPass Policy Manager 安全漏洞	22 Mar 202300:00	–	cnnvd
Cvelist	CVE-2023-25591 Authenticated Information Disclosure in ClearPass Policy Manager Web-Based Management Interface	14 Mar 202314:49	–	cvelist
EUVD	EUVD-2023-29533	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Aruba Clearpass Policy Manager	16 Mar 202300:00	–	ncsc
NVD	CVE-2023-25591	22 Mar 202306:15	–	nvd
OSV	CVE-2023-25591	22 Mar 202306:15	–	osv
Prion	Design/Logic Flaw	22 Mar 202306:15	–	prion
Positive Technologies	PT-2023-2116 · Aruba · Clearpass Policy Manager	14 Mar 202300:00	–	ptsecurity
Vulnrichment	CVE-2023-25591 Authenticated Information Disclosure in ClearPass Policy Manager Web-Based Management Interface	14 Mar 202314:49	–	vulnrichment

NVD

Node

arubanetworks clearpass_policy_managerRange6.9.0–6.9.13

arubanetworks clearpass_policy_managerRange6.10.0–6.10.8

arubanetworks clearpass_policy_managerMatch6.11.0

arubanetworks clearpass_policy_managerMatch6.11.1

[
  {
    "defaultStatus": "unaffected",
    "product": "Aruba ClearPass Policy Manager",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "status": "affected",
        "version": "6.11.1 and below"
      },
      {
        "status": "affected",
        "version": "6.10.8 and below"
      },
      {
        "status": "affected",
        "version": "6.9.13 and below"
      }
    ]
  }
]

Source	Link
arubanetworks	www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-003.txt

27 Feb 2025 16:15Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.16.5 - 7.6

EPSS0.00176

SSVC

CWE-266