CVE-2014-4013SQL Injection in Clearpass

CWE-89SQL Injection3 documents3 sources
Severity
4.9MEDIUMNVD
EPSS
0.3%
top 44.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Arubanetworks Clearpass
Timeline
PublishedJul 14
Latest updateMay 17

Description

SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVSS vector

AV:A/AC:M/C:P/I:P/A:PExploitability: 4.4 | Impact: 6.4

Affected Packages1 packages

NVDarubanetworks/clearpass10 versions+9

🔴Vulnerability Details

2
GHSA
GHSA-rqrc-v2qh-jp48: SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 52022-05-17
CVEList
CVE-2014-4013: SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 52014-07-14
CVE-2014-4013 — SQL Injection in Clearpass | cvebase