VYPR

Clearpass Policy Manager

by Arubanetworks

CVEs (150)

  • CVE-2018-7065Dec 7, 2018
    risk 0.00cvss epss 0.01

    An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could…

  • CVE-2018-7079Dec 7, 2018
    risk 0.00cvss epss 0.01

    Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could…

  • CVE-2018-7066Dec 7, 2018
    risk 0.00cvss epss 0.03

    An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. The ClearPass OnConnect feature permits administrators to link other network devices into ClearPass for the purpose of collecting enhanced information about connected…

  • CVE-2015-4132May 28, 2015
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-1551May 28, 2015
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors.

  • CVE-2015-1550May 28, 2015
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors.

  • CVE-2015-1392May 28, 2015
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2014-6628May 28, 2015
    risk 0.00cvss epss 0.02

    Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows remote administrators to execute arbitrary code via unspecified vectors.

  • CVE-2014-8367Nov 25, 2014
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2014-2593Aug 29, 2014
    risk 0.00cvss epss 0.02

    The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as demonstrated by the (1) system status-rasession and (2) network ping commands.

Page 8 of 8