Clearpass Policy Manager
CVEs (150)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-7065 | | | 0.00 | — | 0.01 | | Dec 7, 2018 | An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could… |
| CVE-2018-7079 | | | 0.00 | — | 0.01 | | Dec 7, 2018 | Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could… |
| CVE-2018-7066 | | | 0.00 | — | 0.03 | | Dec 7, 2018 | An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. The ClearPass OnConnect feature permits administrators to link other network devices into ClearPass for the purpose of collecting enhanced information about connected… |
| CVE-2015-4132 | | | 0.00 | — | 0.01 | | May 28, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-1551 | | | 0.00 | — | 0.01 | | May 28, 2015 | Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors. |
| CVE-2015-1550 | | | 0.00 | — | 0.02 | | May 28, 2015 | Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors. |
| CVE-2015-1392 | | | 0.00 | — | 0.01 | | May 28, 2015 | Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2014-6628 | | | 0.00 | — | 0.02 | | May 28, 2015 | Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows remote administrators to execute arbitrary code via unspecified vectors. |
| CVE-2014-8367 | | | 0.00 | — | 0.02 | | Nov 25, 2014 | SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2014-2593 | | | 0.00 | — | 0.02 | | Aug 29, 2014 | The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as demonstrated by the (1) system status-rasession and (2) network ping commands. |