Arubanetworks

Clearpass Policy Manager

136 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9

CVE-2020-7117

  • EPSS 1.94%
  • Published 03.06.2020 13:15:11
  • Last modified 21.11.2024 05:36:39

The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execu...

8.1

CVE-2018-7063

  • EPSS 0.49%
  • Published 07.12.2018 21:29:01
  • Last modified 21.11.2024 04:11:35

In Aruba ClearPass, disabled API admins can still perform read/write operations. In certain circumstances, API admins in ClearPass which have been disabled may still be able to perform read/write operations on parts of the XML API. This can lead to u...

7.2

CVE-2018-7065

  • EPSS 0.3%
  • Published 07.12.2018 21:29:01
  • Last modified 21.11.2024 04:11:35

An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administra...

9.3

CVE-2018-7066

  • EPSS 1.84%
  • Published 07.12.2018 21:29:01
  • Last modified 21.11.2024 04:11:35

An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. The ClearPass OnConnect feature permits administrators to link other network devices into ClearPass for the purpose of collecting enhanced informa...

7.2

CVE-2018-7067

  • EPSS 0.63%
  • Published 07.12.2018 21:29:01
  • Last modified 21.11.2024 04:11:35

A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. ...

7.2

CVE-2018-7079

  • EPSS 0.34%
  • Published 07.12.2018 21:29:01
  • Last modified 21.11.2024 04:11:36

Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of...

10

CVE-2015-4650

  • EPSS 5.49%
  • Published 16.10.2017 18:29:00
  • Last modified 20.04.2025 01:37:25

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors.

10

CVE-2017-5638

Warning Media report Exploit
  • EPSS 94.27%
  • Published 11.03.2017 02:59:00
  • Last modified 20.04.2025 01:37:25

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a...

3.5

CVE-2015-4132

  • EPSS 0.28%
  • Published 28.05.2015 14:59:09
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified vectors.

4

CVE-2015-1551

  • EPSS 0.25%
  • Published 28.05.2015 14:59:05
  • Last modified 12.04.2025 10:46:40

Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors.