Vendor CVEs
Arubanetworks
All CVEs
577 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-24633 | 0.00 | — | 0.05 | Dec 11, 2020 | There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway;… | |||
| CVE-2020-24634 | 0.00 | — | 0.02 | Dec 11, 2020 | An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200… | |||
| CVE-2020-7128 | 0.00 | — | 0.02 | Nov 4, 2020 | A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | |||
| CVE-2020-7129 | 0.00 | — | 0.03 | Nov 4, 2020 | A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | |||
| CVE-2020-7126 | 0.00 | — | 0.01 | Oct 26, 2020 | A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | |||
| CVE-2020-7125 | 0.00 | — | 0.01 | Oct 26, 2020 | A remote escalation of privilege vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | |||
| CVE-2020-7124 | 0.00 | — | 0.01 | Oct 26, 2020 | A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | |||
| CVE-2020-24632 | 0.00 | — | 0.03 | Oct 26, 2020 | A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | |||
| CVE-2020-24631 | 0.00 | — | 0.03 | Oct 26, 2020 | A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | |||
| CVE-2020-7119 | 0.00 | — | 0.01 | Sep 4, 2020 | A vulnerability exists in the Aruba Analytics and Location Engine (ALE) web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily modify files as an underlying privileged operating system user. | |||
| CVE-2019-5321 | 0.00 | — | 0.02 | Aug 26, 2020 | Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Remote Unauthorized Access in the WebUI. | |||
| CVE-2019-5320 | 0.00 | — | 0.01 | Aug 26, 2020 | Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Cross Site Scripting in the web UI, leading to injection of code. | |||
| CVE-2020-7205 | 0.00 | — | 0.00 | Jul 30, 2020 | A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. The vulnerability could be locally exploited to allow arbitrary code execution during the boot process. **Note:** This vulnerability is… | |||
| CVE-2020-7206 | 0.00 | — | 0.02 | Jul 17, 2020 | HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has a php code injection vulnerability. | |||
| CVE-2020-7116 | 0.00 | — | 0.03 | Jun 3, 2020 | The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying… | |||
| CVE-2020-7117 | 0.00 | — | 0.03 | Jun 3, 2020 | The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying… | |||
| CVE-2020-11844 | 0.00 | — | 0.02 | May 29, 2020 | Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to 2019.11. - ArcSight Investigate. versions 2.4.0, 3.0.0 and 3.1.0. - ArcSight Transformation Hub. versions 3.0.0, 3.1.0,… | |||
| CVE-2020-7110 | 0.00 | — | 0.01 | Apr 16, 2020 | ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed resulting in a privilege escalation attack. Resolution: Fixed in 6.7.13, 6.8.4,… | |||
| CVE-2020-7113 | 0.00 | — | 0.01 | Apr 16, 2020 | A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of some of ClearPass' service accounts. Resolution: Fixed in 6.7.10, 6.8.1, 6.9.0… | |||
| CVE-2020-7111 | 0.00 | — | 0.02 | Apr 16, 2020 | A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher. | |||
| CVE-2020-7130 | 0.00 | — | 0.02 | Mar 4, 2020 | HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability. HPE OneView Global Dashboard - After Upgrade or Install of OVGD Version 1.9, Appliance Firewall May Leave Ports Open. This is resolved in OVGD 1.91 or later. | |||
| CVE-2019-5326 | 0.00 | — | 0.02 | Feb 27, 2020 | An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application… | |||
| CVE-2019-5323 | 0.00 | — | 0.03 | Feb 27, 2020 | There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host. | |||
| CVE-2019-5322 | 0.00 | — | 0.01 | Feb 12, 2020 | A remotely exploitable information disclosure vulnerability is present in Aruba Intelligent Edge Switch models 5400, 3810, 2920, 2930, 2530 with GigT port, 2530 10/100 port, or 2540. The vulnerability impacts firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007 and… | |||
| CVE-2020-7208 | 0.00 | — | 0.01 | Feb 12, 2020 | LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2. | |||
| CVE-2016-2032 | 0.00 | — | 0.03 | Jan 31, 2020 | A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672. | |||
| CVE-2016-2031 | 0.00 | — | 0.05 | Jan 31, 2020 | Multiple vulnerabilities exist in Aruba Instant before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform… | |||
| CVE-2016-4401 | 0.00 | — | 0.01 | Nov 6, 2019 | Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials. | |||
| CVE-2018-16417 | 0.00 | — | 0.03 | Oct 30, 2019 | Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection. | |||
| CVE-2019-5315 | 0.00 | — | 0.02 | Sep 13, 2019 | A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system… | |||
| CVE-2019-5314 | 0.00 | — | 0.01 | Sep 13, 2019 | Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability. | |||
| CVE-2018-7081 | 0.00 | — | 0.06 | Sep 13, 2019 | A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a process crash or to execute… | |||
| CVE-2018-7064 | 0.00 | — | 0.01 | May 10, 2019 | A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. An attacker could use this vulnerability to trick an IAP administrator into clicking a link which could then take administrative actions on the Instant cluster, or… | |||
| CVE-2018-7082 | 0.00 | — | 0.04 | May 10, 2019 | A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration… | |||
| CVE-2018-7083 | 0.00 | — | 0.02 | May 10, 2019 | If a process running within Aruba Instant crashes, it may leave behind a "core dump", which contains the memory contents of the process at the time it crashed. It was discovered that core dumps are stored in a way that unauthenticated users can access them through the Aruba… | |||
| CVE-2018-7063 | 0.00 | — | 0.01 | Dec 7, 2018 | In Aruba ClearPass, disabled API admins can still perform read/write operations. In certain circumstances, API admins in ClearPass which have been disabled may still be able to perform read/write operations on parts of the XML API. This can lead to unauthorized access to the API… | |||
| CVE-2018-7067 | 0.00 | — | 0.01 | Dec 7, 2018 | A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. Network access to the… | |||
| CVE-2018-7079 | 0.00 | — | 0.01 | Dec 7, 2018 | Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could… | |||
| CVE-2018-7065 | 0.00 | — | 0.01 | Dec 7, 2018 | An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could… | |||
| CVE-2018-7066 | 0.00 | — | 0.03 | Dec 7, 2018 | An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. The ClearPass OnConnect feature permits administrators to link other network devices into ClearPass for the purpose of collecting enhanced information about connected… | |||
| CVE-2015-5430 | 0.00 | — | 0.03 | Aug 27, 2015 | HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-5409 | 0.00 | — | 0.02 | Aug 26, 2015 | Buffer overflow in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. | |||
| CVE-2015-4132 | 0.00 | — | 0.01 | May 28, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-1551 | 0.00 | — | 0.01 | May 28, 2015 | Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors. | |||
| CVE-2015-1550 | 0.00 | — | 0.02 | May 28, 2015 | Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors. | |||
| CVE-2015-1392 | 0.00 | — | 0.01 | May 28, 2015 | Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-6628 | 0.00 | — | 0.02 | May 28, 2015 | Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows remote administrators to execute arbitrary code via unspecified vectors. | |||
| CVE-2015-1388 | 0.00 | — | 0.01 | Mar 24, 2015 | The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors. | |||
| CVE-2015-1348 | 0.00 | — | 0.01 | Feb 3, 2015 | Heap-based buffer overflow in Aruba Instant (IAP) with firmware before 4.0.0.7 and 4.1.x before 4.1.1.2 allows remote attackers to cause a denial of service (crash or reset to factory default) via a malformed frame to the wireless interface. | |||
| CVE-2014-8368 | 0.00 | — | 0.03 | Nov 25, 2014 | The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors. |
Page 11 of 12