ClearPass Policy Manager
CVEs (150)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5638 | | Cri | 0.86 | 9.8 | 1.00 | KEV | Mar 11, 2017 | The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type,… |
| CVE-2017-5824 | | Cri | 0.65 | 9.8 | 0.20 | | Feb 15, 2018 | An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. |
| CVE-2015-4650 | | Cri | 0.64 | 9.8 | 0.06 | | Oct 16, 2017 | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors. |
| CVE-2016-2034 | | Cri | 0.64 | 9.8 | 0.01 | | Jun 8, 2017 | SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0. |
| CVE-2017-5826 | | Hig | 0.57 | 8.8 | 0.03 | | Feb 15, 2018 | An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. |
| CVE-2017-5825 | | Hig | 0.57 | 8.8 | 0.02 | | Feb 15, 2018 | A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. |
| CVE-2015-3655 | | Hig | 0.57 | 8.8 | 0.01 | | Aug 29, 2017 | Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token. |
| CVE-2017-5828 | | Hig | 0.53 | 8.1 | 0.02 | | Feb 15, 2018 | An arbitrary command execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. |
| CVE-2017-5829 | | Hig | 0.51 | 7.8 | 0.01 | | Feb 15, 2018 | An access restriction bypass vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. |
| CVE-2015-4649 | | Hig | 0.47 | 7.2 | 0.02 | | Aug 29, 2017 | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654. |
| CVE-2015-3657 | | Hig | 0.47 | 7.2 | 0.01 | | Aug 29, 2017 | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors. |
| CVE-2015-3656 | | Hig | 0.47 | 7.2 | 0.01 | | Aug 29, 2017 | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks. |
| CVE-2015-3654 | | Hig | 0.47 | 7.2 | 0.02 | | Aug 29, 2017 | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649. |
| CVE-2015-3653 | | Hig | 0.47 | 7.2 | 0.02 | | Aug 29, 2017 | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect… |
| CVE-2014-2071 | | Hig | 0.46 | 7.1 | 0.01 | | Jan 8, 2018 | Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner… |
| CVE-2017-5827 | | Med | 0.35 | 5.4 | 0.01 | | Feb 15, 2018 | A reflected cross site scripting vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. |
| CVE-2020-7115 | | | 0.08 | — | 0.65 | | Jun 3, 2020 | The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in… |
| CVE-2015-1389 | | | 0.04 | — | 0.07 | | May 28, 2015 | Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action. |
| CVE-2025-25039 | | | 0.00 | — | 0.01 | | Feb 4, 2025 | A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower… |
| CVE-2025-23060 | | | 0.00 | — | 0.00 | | Feb 4, 2025 | A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to… |