VYPR

Clearpass Policy Manager

by Arubanetworks

CVEs (150)

  • CVE-2017-5638CriKEVMar 11, 2017
    risk 0.86cvss 9.8epss 1.00

    The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type,…

  • CVE-2017-5824CriFeb 15, 2018
    risk 0.65cvss 9.8epss 0.20

    An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

  • CVE-2015-4650CriOct 16, 2017
    risk 0.64cvss 9.8epss 0.06

    Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors.

  • CVE-2016-2034CriJun 8, 2017
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0.

  • CVE-2017-5826HigFeb 15, 2018
    risk 0.57cvss 8.8epss 0.03

    An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

  • CVE-2017-5825HigFeb 15, 2018
    risk 0.57cvss 8.8epss 0.02

    A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

  • CVE-2015-3655HigAug 29, 2017
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token.

  • CVE-2017-5828HigFeb 15, 2018
    risk 0.53cvss 8.1epss 0.02

    An arbitrary command execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

  • CVE-2017-5829HigFeb 15, 2018
    risk 0.51cvss 7.8epss 0.01

    An access restriction bypass vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

  • CVE-2015-4649HigAug 29, 2017
    risk 0.47cvss 7.2epss 0.02

    Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654.

  • CVE-2015-3657HigAug 29, 2017
    risk 0.47cvss 7.2epss 0.01

    Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors.

  • CVE-2015-3656HigAug 29, 2017
    risk 0.47cvss 7.2epss 0.01

    Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks.

  • CVE-2015-3654HigAug 29, 2017
    risk 0.47cvss 7.2epss 0.02

    Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649.

  • CVE-2015-3653HigAug 29, 2017
    risk 0.47cvss 7.2epss 0.02

    Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect…

  • CVE-2014-2071HigJan 8, 2018
    risk 0.46cvss 7.1epss 0.01

    Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner…

  • CVE-2017-5827MedFeb 15, 2018
    risk 0.35cvss 5.4epss 0.01

    A reflected cross site scripting vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

  • CVE-2020-7115Jun 3, 2020
    risk 0.08cvss epss 0.65

    The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in…

  • CVE-2015-1389May 28, 2015
    risk 0.04cvss epss 0.07

    Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action.

  • CVE-2025-25039Feb 4, 2025
    risk 0.00cvss epss 0.01

    A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower…

  • CVE-2025-23060Feb 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to…

Page 1 of 8