CVE-2020-7113 — Sensitive Information Exposure in Clearpass

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.9MEDIUMNVD

EPSS

0.4%

top 41.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arubanetworks Clearpass Arubanetworks Clearpass Policy Manager

Timeline

PublishedApr 16

Latest updateMay 24

Description

A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of some of ClearPass' service accounts. Resolution: Fixed in 6.7.10, 6.8.1, 6.9.0 and higher.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶NVDarubanetworks/clearpass6.7.0 — 6.7.13+1

▶CVEListV5arubanetworks/clearpass_policy_managerClearPass 6.8.x prior to 6.8.5 ClearPass 6.7.x prior to 6.7.13

🔴Vulnerability Details

GHSA

GHSA-3whq-m5gj-947w: A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in↗2022-05-24

▶

CVEList

CVE-2020-7113: A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in↗2020-04-16

▶