CVE-2015-4649Improper Access Control in Clearpass

CWE-284Improper Access Control6 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.9%
top 24.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Arubanetworks Clearpass
Timeline
PublishedAug 29
Latest updateMay 17

Description

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

4
GHSA
GHSA-9fpm-954v-hwqm: Aruba Networks ClearPass Policy Manager before 62022-05-17
GHSA
GHSA-p52q-hp8j-8xxw: Aruba Networks ClearPass Policy Manager before 62022-05-17
CVEList
CVE-2015-3654: Aruba Networks ClearPass Policy Manager before 62017-08-29
CVEList
CVE-2015-4649: Aruba Networks ClearPass Policy Manager before 62017-08-29
CVE-2015-4649 — Improper Access Control in Clearpass | cvebase