CVE-2014-6621Sensitive Information Exposure in Clearpass

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.3%
top 51.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Arubanetworks Clearpass
Timeline
PublishedNov 19
Latest updateMay 17

Description

Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not disable the troubleshooting and diagnostics page in production systems, which allows remote attackers to obtain version numbers, module configuration, and other sensitive information by reading the page.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-79mv-89pw-gp4r: Aruba Networks ClearPass before 62022-05-17
CVEList
CVE-2014-6621: Aruba Networks ClearPass before 62014-11-19
CVE-2014-6621 — Sensitive Information Exposure | cvebase