Sql injection

2021-02-2317:15:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.5%

JSON

A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database.

CPENameOperatorVersion
clearpass_policy_managerge6.9.0
clearpass_policy_managerlt6.9.5
clearpass_policy_managerge6.8.0
clearpass_policy_managerle6.8.8
clearpass_policy_managerle6.7.14

Name	Operator	Version
clearpass_policy_manager	ge	6.9.0
clearpass_policy_manager	lt	6.9.5
clearpass_policy_manager	ge	6.8.0
clearpass_policy_manager	le	6.8.8
clearpass_policy_manager	le	6.7.14

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt