ClearPass Policy Manager
by HPE
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-23058 | Hig | 0.57 | 8.8 | 0.01 | Feb 4, 2025 | A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with… | ||
| CVE-2024-51771 | Hig | 0.47 | 7.2 | 0.01 | Dec 3, 2024 | A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the… | ||
| CVE-2024-41915 | Hig | 0.47 | 7.2 | 0.01 | Jul 30, 2024 | A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify… | ||
| CVE-2025-23059 | Med | 0.44 | 6.8 | 0.01 | Feb 4, 2025 | A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and… | ||
| CVE-2025-23060 | Med | 0.43 | 6.6 | 0.00 | Feb 4, 2025 | A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to… | ||
| CVE-2024-51772 | Med | 0.42 | 6.4 | 0.00 | Dec 3, 2024 | An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying… | ||
| CVE-2024-5486 | Med | 0.38 | 5.8 | 0.00 | Jul 30, 2024 | A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further… | ||
| CVE-2025-25039 | Med | 0.31 | 4.7 | 0.01 | Feb 4, 2025 | A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower… | ||
| CVE-2024-53672 | Med | 0.31 | 4.7 | 0.00 | Dec 3, 2024 | A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the… | ||
| CVE-2024-51773 | Med | 0.31 | 4.8 | 0.00 | Dec 3, 2024 | A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the… |
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with…
- risk 0.47cvss 7.2epss 0.01
A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the…
- risk 0.47cvss 7.2epss 0.01
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify…
- risk 0.44cvss 6.8epss 0.01
A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and…
- risk 0.43cvss 6.6epss 0.00
A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to…
- risk 0.42cvss 6.4epss 0.00
An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying…
- risk 0.38cvss 5.8epss 0.00
A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further…
- risk 0.31cvss 4.7epss 0.01
A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower…
- risk 0.31cvss 4.7epss 0.00
A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the…
- risk 0.31cvss 4.8epss 0.00
A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the…