Arubanetworks Clearpass Policy Manager

136 matches found

added 2021/07/08 9:15 p.m. | 52 views

CVE-2021-34616

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.

CVSS 6.5 | AI score 6.5 | EPSS 0.01743

added 2015/05/28 2:59 p.m. | 51 views

CVE-2015-1551

Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors.

CVSS 4 | AI score 6.8 | EPSS 0.00249

added 2022/09/20 9:15 p.m. | 51 views

CVE-2022-23694

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information i...

CVSS 8.8 | AI score 8.9 | EPSS 0.00353

added 2022/09/20 8:15 p.m. | 49 views

CVE-2022-37881

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete...

CVSS 7.2 | AI score 7.3 | EPSS 0.0057

added 2021/02/23 6:15 p.m. | 48 views

CVE-2021-26682

A remote reflected cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the guest portal interface of ClearPass could allow a remote attacker to conduct a reflected cross-site scripting (XSS) ...

CVSS 6.1 | AI score 5.8 | EPSS 0.00249

added 2021/07/08 8:15 p.m. | 48 views

CVE-2021-34613

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.

CVSS 6.5 | AI score 6.5 | EPSS 0.01743

added 2022/09/20 9:15 p.m. | 48 views

CVE-2022-23692

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information i...

CVSS 8.8 | AI score 8.9 | EPSS 0.00353

added 2022/09/20 8:15 p.m. | 47 views

CVE-2022-37877

A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance in Aruba ClearPass Policy Manager version(s)...

CVSS 7.8 | AI score 7.8 | EPSS 0.00104

added 2023/03/22 6:15 a.m. | 47 views

CVE-2023-25594

A vulnerability in the web-based management interface of ClearPass Policy Manager allows an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of this vulnerability allows an attacker to complete state-changi...

CVSS 8.8 | AI score 7.3 | EPSS 0.00106

added 2018/12/07 9:29 p.m. | 46 views

CVE-2018-7067

A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. Network access to the administrative web interfac...

CVSS 7.2 | AI score 7.2 | EPSS 0.00632

added 2021/07/08 3:15 p.m. | 46 views

CVE-2021-29150

A remote insecure deserialization vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.

CVSS 9 | AI score 6.9 | EPSS 0.01426

added 2023/01/05 7:15 a.m. | 46 views

CVE-2022-43530

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information i...

CVSS 8.8 | AI score 8.9 | EPSS 0.00327

added 2023/03/22 6:15 a.m. | 46 views

CVE-2023-25593

Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browse...

CVSS 7.1 | AI score 6.1 | EPSS 0.00071

added 2015/05/28 2:59 p.m. | 45 views

CVE-2015-1389

Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action.

CVSS 4.3 | AI score 5.8 | EPSS 0.09548

added 2022/09/20 8:15 p.m. | 45 views

CVE-2022-37883

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete...

CVSS 7.2 | AI score 7.3 | EPSS 0.0057

added 2023/03/22 6:15 a.m. | 45 views

CVE-2023-25591

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further privileg...

CVSS 7.6 | AI score 6.5 | EPSS 0.00073

added 2021/07/08 4:15 p.m. | 44 views

CVE-2021-34610

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.

CVSS 9 | AI score 7.1 | EPSS 0.03295

added 2022/09/20 9:15 p.m. | 44 views

CVE-2022-23685

A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection. This could allow a remote unauthenticated attacker to execute arbitrary input against these endpoints if the attacker can con...

CVSS 8.8 | AI score 8.9 | EPSS 0.00711

added 2022/09/20 8:15 p.m. | 44 views

CVE-2022-37880

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete...

CVSS 7.2 | AI score 7.3 | EPSS 0.0057

added 2023/01/05 7:15 a.m. | 44 views

CVE-2022-43532

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script c...

CVSS 8 | AI score 4.9 | EPSS 0.00109

added 2023/01/05 7:15 a.m. | 44 views

CVE-2022-43540

A vulnerability exists in the ClearPass OnGuard macOS agent that allows for an attacker with local macOS instance access to potentially obtain sensitive information. A successful exploit could allow an attacker to retrieve information that is of a sensitive nature in Aruba ClearPass Policy Manager ...

CVSS 5.5 | AI score 5.1 | EPSS 0.00054

added 2024/07/30 5:15 p.m. | 44 views

CVE-2024-41916

A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network serv...

CVSS 6.8 | AI score 6.5 | EPSS 0.00209

added 2022/09/20 9:15 p.m. | 43 views

CVE-2022-23695

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information i...

CVSS 8.8 | AI score 8.9 | EPSS 0.00353

added 2024/07/30 5:15 p.m. | 43 views

CVE-2024-5486

A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network serv...

CVSS 5.8 | AI score 5.5 | EPSS 0.00145

added 2017/10/16 6:29 p.m. | 42 views

CVE-2015-4650

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors.

CVSS 10 | AI score 9.8 | EPSS 0.05487

added 2018/12/07 9:29 p.m. | 42 views

CVE-2018-7079

Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could allow low-privilege ...

CVSS 7.2 | AI score 7 | EPSS 0.00338

added 2022/09/20 8:15 p.m. | 42 views

CVE-2022-37879

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete...

CVSS 7.2 | AI score 7.3 | EPSS 0.0057

added 2018/12/07 9:29 p.m. | 41 views

CVE-2018-7066

An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. The ClearPass OnConnect feature permits administrators to link other network devices into ClearPass for the purpose of collecting enhanced information about connected endpoints. A defect in the A...

CVSS 9.3 | AI score 9.5 | EPSS 0.01836

added 2020/06/03 1:15 p.m. | 41 views

CVE-2020-7116

The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system. Resoluti...

CVSS 9 | AI score 7.1 | EPSS 0.01944

added 2021/10/15 2:15 p.m. | 41 views

CVE-2021-40986

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for...

CVSS 9 | AI score 7.2 | EPSS 0.02519

added 2021/10/15 3:15 p.m. | 41 views

CVE-2021-40993

A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Pol...

CVSS 8.1 | AI score 8.4 | EPSS 0.00242

added 2022/09/20 9:15 p.m. | 41 views

CVE-2022-23693

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information i...

CVSS 8.8 | AI score 8.9 | EPSS 0.00353

added 2015/05/28 2:59 p.m. | 40 views

CVE-2015-1392

Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors.

CVSS 6.5 | AI score 8.7 | EPSS 0.00227

added 2023/01/05 7:15 a.m. | 40 views

CVE-2022-43533

A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance in Aruba ClearPass Policy Manager version(s)...

CVSS 7.8 | AI score 7.7 | EPSS 0.0007

added 2023/01/05 7:15 a.m. | 40 views

CVE-2022-43536

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete ...

CVSS 8.8 | AI score 8.7 | EPSS 0.00213

added 2023/03/22 6:15 a.m. | 40 views

CVE-2023-25592

Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browse...

CVSS 7.1 | AI score 6.1 | EPSS 0.00071

added 2023/10/25 6:17 p.m. | 40 views

CVE-2023-43508

Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allow an attacker to complete state-chang...

CVSS 6.5 | AI score 6.6 | EPSS 0.00102

added 2014/08/29 2:0 p.m. | 39 views

CVE-2014-2593

The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as demonstrated by the (1) system status-rasession and (2) network ping commands.

CVSS 9 | AI score 7.4 | EPSS 0.00677

added 2015/05/28 2:59 p.m. | 39 views

CVE-2015-4132

Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified vectors.

CVSS 3.5 | AI score 5.8 | EPSS 0.00284

added 2018/12/07 9:29 p.m. | 39 views

CVE-2018-7063

In Aruba ClearPass, disabled API admins can still perform read/write operations. In certain circumstances, API admins in ClearPass which have been disabled may still be able to perform read/write operations on parts of the XML API. This can lead to unauthorized access to the API and complete compro...

CVSS 8.1 | AI score 8 | EPSS 0.00487

added 2018/12/07 9:29 p.m. | 39 views

CVE-2018-7065

An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could exploit this vulnerab...

CVSS 7.2 | AI score 7.4 | EPSS 0.00304

added 2021/02/23 7:15 p.m. | 39 views

CVE-2021-26679

A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying ho...

CVSS 9 | AI score 7.2 | EPSS 0.03289

added 2021/07/08 5:15 p.m. | 39 views

CVE-2021-34609

A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.

CVSS 8.8 | AI score 8.9 | EPSS 0.00608

added 2021/10/15 3:15 p.m. | 39 views

CVE-2021-40997

A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for Clear...

CVSS 9.8 | AI score 9.6 | EPSS 0.00709

added 2023/01/05 7:15 a.m. | 39 views

CVE-2022-43537

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete ...

CVSS 7.2 | AI score 7.2 | EPSS 0.0035

added 2023/10/25 6:17 p.m. | 39 views

CVE-2023-43506

A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance.

CVSS 7.8 | AI score 7.8 | EPSS 0.00115

added 2023/10/25 6:17 p.m. | 39 views

CVE-2023-43507

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in t...

CVSS 8.8 | AI score 7.7 | EPSS 0.00414

added 2024/07/30 5:15 p.m. | 39 views

CVE-2024-41915

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in t...

CVSS 8.8 | AI score 7 | EPSS 0.00227

added 2021/02/23 6:15 p.m. | 38 views

CVE-2021-26684

A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying ho...

CVSS 9 | AI score 7.2 | EPSS 0.03289

added 2021/07/08 4:15 p.m. | 38 views

CVE-2021-29151

A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.

CVSS 4.3 | AI score 4.9 | EPSS 0.00137

Total number of security vulnerabilities: 136