Clearpass Security Vulnerabilities and Issues — Clearpass CVE List

Lucene search

ArubanetworksClearpass

11 matches found

CVE•added 2014/11/07 7:55 p.m.•38 views

CVE-2014-6623

Cross-site request forgery (CSRF) vulnerability in the Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to hijack the authentication of a logged in user via unspecified vectors.

4.3CVSS7.3AI score0.00302EPSS

CVE•added 2014/11/19 6:59 p.m.•36 views

CVE-2014-5342

Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-6627.

10CVSS7.9AI score0.02596EPSS

CVE•added 2014/11/19 6:59 p.m.•36 views

CVE-2014-6624

The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to read arbitrary files via unspecified vectors.

6.8CVSS6.4AI score0.00273EPSS

CVE•added 2014/11/07 7:55 p.m.•33 views

CVE-2014-6620

Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.9AI score0.00263EPSS

CVE•added 2014/11/19 6:59 p.m.•33 views

CVE-2014-6626

Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors.

10CVSS7.5AI score0.03949EPSS

CVE•added 2014/07/15 2:55 p.m.•32 views

CVE-2014-4031

The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database credentials via unspecified vectors.

4CVSS6.3AI score0.00176EPSS

CVE•added 2014/11/19 6:59 p.m.•32 views

CVE-2014-6625

The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors.

9CVSS6.7AI score0.00421EPSS

CVE•added 2014/11/19 6:59 p.m.•32 views

CVE-2014-6627

Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342.

9CVSS7.9AI score0.02596EPSS

CVE•added 2014/07/14 2:55 p.m.•31 views

CVE-2014-4013

SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

4.9CVSS8.2AI score0.00329EPSS

CVE•added 2014/11/19 6:59 p.m.•30 views

CVE-2014-6622

Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to determine the validity of filenames via unspecified vectors.

5CVSS6.9AI score0.0025EPSS

CVE•added 2014/11/19 6:59 p.m.•29 views

CVE-2014-6621

Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not disable the troubleshooting and diagnostics page in production systems, which allows remote attackers to obtain version numbers, module configuration, and other sensitive information by reading the page.

5CVSS6.4AI score0.0025EPSS