Design/Logic Flaw

2023-03-2206:15:00

PRIOn knowledge base

www.prio-n.com

clearpass policy manager

web interface

vulnerability

unauthorized access

sensitive information

remote attacker

low privileges

successful exploit

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.6%

JSON

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further privileges on the ClearPass instance.

CPENameOperatorVersion
clearpass_policy_managerge6.9.0
clearpass_policy_managerle6.9.13
clearpass_policy_managerge6.10.0
clearpass_policy_managerle6.10.8
clearpass_policy_managereq6.11.0
clearpass_policy_managereq6.11.1

Name	Operator	Version
clearpass_policy_manager	ge	6.9.0
clearpass_policy_manager	le	6.9.13
clearpass_policy_manager	ge	6.10.0
clearpass_policy_manager	le	6.10.8
clearpass_policy_manager	eq	6.11.0
clearpass_policy_manager	eq	6.11.1

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-003.txt