VYPR

ClearPass Policy Manager

by HPE

CVEs (10)

  • CVE-2025-23058HigFeb 4, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with…

  • CVE-2024-51771HigDec 3, 2024
    risk 0.47cvss 7.2epss 0.01

    A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the…

  • CVE-2024-41915HigJul 30, 2024
    risk 0.47cvss 7.2epss 0.01

    A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify…

  • CVE-2025-23059MedFeb 4, 2025
    risk 0.44cvss 6.8epss 0.01

    A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and…

  • CVE-2025-23060MedFeb 4, 2025
    risk 0.43cvss 6.6epss 0.00

    A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to…

  • CVE-2024-51772MedDec 3, 2024
    risk 0.42cvss 6.4epss 0.00

    An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying…

  • CVE-2024-5486MedJul 30, 2024
    risk 0.38cvss 5.8epss 0.00

    A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further…

  • CVE-2025-25039MedFeb 4, 2025
    risk 0.31cvss 4.7epss 0.01

    A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower…

  • CVE-2024-53672MedDec 3, 2024
    risk 0.31cvss 4.7epss 0.00

    A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the…

  • CVE-2024-51773MedDec 3, 2024
    risk 0.31cvss 4.8epss 0.00

    A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the…