CVE-2017-5828XML External Entity (XXE) Injection in HP Aruba Clearpass Policy Manager

CWE-611XML External Entity (XXE) Injection3 documents3 sources
Severity
8.1HIGHNVD
EPSS
0.5%
top 33.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
HP Aruba Clearpass Policy ManagerHewlett Packard Enterprise Aruba Clearpass Policy Manager
Timeline
PublishedFeb 15
Latest updateMay 14

Description

An arbitrary command execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-8hw9-8jv7-793r: An arbitrary command execution vulnerability in HPE Aruba ClearPass Policy Manager version 62022-05-14
CVEList
CVE-2017-5828: An arbitrary command execution vulnerability in HPE Aruba ClearPass Policy Manager version 62018-02-15
CVE-2017-5828 — XML External Entity (XXE) Injection | cvebase