CVE-2018-7060 — Cross-Site Request Forgery in Clearpass

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 63.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arubanetworks Clearpass Hewlett Packard Enterprise Aruba Clearpass

Timeline

PublishedAug 6

Latest updateMay 14

Description

Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. An attacker could manipulate an authenticated user into performing actions on the web administrative interface.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDarubanetworks/clearpass6.6.0 — 6.6.9+1

▶CVEListV5hewlett_packard_enterprise/aruba_clearpass6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1

🔴Vulnerability Details

GHSA

GHSA-34pj-48rw-2hgw: Aruba ClearPass 6↗2022-05-14

▶

CVEList

CVE-2018-7060: Aruba ClearPass 6↗2018-08-06

▶