Unrated severityNVD Advisory· Published Dec 7, 2018· Updated Aug 5, 2024
CVE-2018-7065
CVE-2018-7065
Description
An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could exploit this vulnerability to gain access to "appadmin" credentials, leading to complete cluster compromise. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.
Affected products
2<6.6.10-hotfix, <6.7.6+ 1 more
- (no CPE)range: <6.6.10-hotfix, <6.7.6
- (no CPE)range: All versions of ClearPass prior to 6.7.6, ClearPass 6.6.10 and earlier without hotfix applied
Patches
Vulnerability mechanics
References
1- www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txtmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.