VYPR

Clearpass

by Arubanetworks

CVEs (29)

  • CVE-2018-7058 | Critical | Aug 6, 2018
    risk 0.64 | cvss 9.8 | epss 0.04

    All versions of Aruba ClearPass 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability; an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including…

  • CVE-2016-2034 | Critical | Jun 8, 2017
    risk 0.64 | cvss 9.8 | epss 0.01

    SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0.

  • CVE-2018-7060 | High | Aug 6, 2018
    risk 0.57 | cvss 8.8 | epss 0.00

    Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. An attacker could manipulate an authenticated user into performing actions on the web administrative interface.

  • CVE-2018-7059 | High | Aug 6, 2018
    risk 0.57 | cvss 8.8 | epss 0.01

    Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the "mon" permission could use this vulnerability to obtain cluster credentials which could allow privilege escalation. This vulnerability is only…

  • CVE-2015-3655 | High | Aug 29, 2017
    risk 0.57 | cvss 8.8 | epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token.

  • CVE-2017-9001 | High | Aug 6, 2018
    risk 0.53 | cvss 8.1 | epss 0.07

    Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lockout", which causes ClearPass to lock accounts with too many login failures through SSH. When this feature is enabled, an unauthenticated remote command execution vulnerability is present which could allow an…

  • CVE-2015-4649 | High | Aug 29, 2017
    risk 0.47 | cvss 7.2 | epss 0.02

    Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654.

  • CVE-2015-3657 | High | Aug 29, 2017
    risk 0.47 | cvss 7.2 | epss 0.01

    Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors.

  • CVE-2015-3656 | High | Aug 29, 2017
    risk 0.47 | cvss 7.2 | epss 0.01

    Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks.

  • CVE-2015-3654 | High | Aug 29, 2017
    risk 0.47 | cvss 7.2 | epss 0.02

    Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649.

  • CVE-2015-3653 | High | Aug 29, 2017
    risk 0.47 | cvss 7.2 | epss 0.02

    Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect…

  • CVE-2017-9002 | Medium | Aug 6, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross-site scripting vulnerabilities. By exploiting this vulnerability, an attacker who can trick a logged-in ClearPass administrative user into clicking a link could obtain sensitive information, such as session…

  • CVE-2020-7110 | Apr 16, 2020
    risk 0.00 | cvss | epss 0.01

    ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed resulting in a privilege escalation attack. Resolution: Fixed in 6.7.13, 6.8.4,…

  • CVE-2020-7113 | Apr 16, 2020
    risk 0.00 | cvss | epss 0.01

    A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of some of ClearPass' service accounts. Resolution: Fixed in 6.7.10, 6.8.1, 6.9.0…

  • CVE-2020-7111 | Apr 16, 2020
    risk 0.00 | cvss | epss 0.02

    A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher.

  • CVE-2018-7079 | Dec 7, 2018
    risk 0.00 | cvss | epss 0.01

    Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could…

  • CVE-2018-7063 | Dec 7, 2018
    risk 0.00 | cvss | epss 0.01

    In Aruba ClearPass, disabled API admins can still perform read/write operations. In certain circumstances, API admins in ClearPass which have been disabled may still be able to perform read/write operations on parts of the XML API. This can lead to unauthorized access to the API…

  • CVE-2014-6627 | Nov 19, 2014
    risk 0.00 | cvss | epss 0.02

    Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342.

  • CVE-2014-6626 | Nov 19, 2014
    risk 0.00 | cvss | epss 0.02

    Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors.

  • CVE-2014-6625 | Nov 19, 2014
    risk 0.00 | cvss | epss 0.02

    The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors.

Page 1 of 2