8.1
CVE-2025-23060
- EPSS 0.06%
- Published 04.02.2025 18:15:35
- Last modified 28.03.2025 17:39:14
- Source security-alert@hpe.com
- Teams watchlist Login
- Open Login
A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering.
Data is provided by the National Vulnerability Database (NVD)
Arubanetworks ≫ Clearpass Policy Manager Version >= 6.11.0 < 6.11.10
Arubanetworks ≫ Clearpass Policy Manager Version >= 6.12.0 < 6.12.4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.06% | 0.193 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
security-alert@hpe.com | 6.6 | 0.7 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-319 Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.