| CVE-2017-5638 | Cri | 0.85 | 9.8 | 0.94 | KEV | Mar 11, 2017 | The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. |
| CVE-2015-4650 | Cri | 0.64 | 9.8 | 0.05 | | Oct 16, 2017 | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors. |
| CVE-2015-1389 | | 0.04 | — | 0.12 | | May 28, 2015 | Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action. |
| CVE-2015-4132 | | 0.00 | — | 0.00 | | May 28, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-1551 | | 0.00 | — | 0.00 | | May 28, 2015 | Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors. |
| CVE-2015-1550 | | 0.00 | — | 0.01 | | May 28, 2015 | Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors. |
| CVE-2015-1392 | | 0.00 | — | 0.00 | | May 28, 2015 | Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2014-6628 | | 0.00 | — | 0.01 | | May 28, 2015 | Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows remote administrators to execute arbitrary code via unspecified vectors. |
| CVE-2014-8367 | | 0.00 | — | 0.01 | | Nov 25, 2014 | SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2014-2593 | | 0.00 | — | 0.01 | | Aug 29, 2014 | The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as demonstrated by the (1) system status-rasession and (2) network ping commands. |
