Lucene search

HpeCVELIST:CVE-2024-41916

HistoryJul 30, 2024 - 5:09 p.m.

CVE-2024-41916 Authenticated Sensitive Information Disclosure in ClearPass Policy Manager

2024-07-3017:09:40

hpe

www.cve.org

clearpass policy manager

sensitive information disclosure

authenticated access

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

18.9%

JSON

A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ClearPass Policy Manager (CPPM)",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "lessThanOrEqual": "<=6.12.1",
        "status": "affected",
        "version": "ClearPass Policy Manager 6.12.1 and below",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "<=6.11.8",
        "status": "affected",
        "version": "ClearPass Policy Manager 6.11.8 and below",
        "versionType": "semver"
      }
    ]
  }
]

References

support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04675en_us&docLocale=en_US

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

18.9%

JSON

Related for CVELIST:CVE-2024-41916