CVE-2021-26685

2021-02-2317:00:37

hpe

www.cve.org

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.5%

JSON

A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database.

CNA Affected

[
  {
    "product": "Aruba ClearPass Policy Manager",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1"
      }
    ]
  }
]

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt