CVE-2024-51773 — Cross-site Scripting in Clearpass Policy Manager

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

CNA4.8

EPSS

0.1%

top 75.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arubanetworks Clearpass Policy Manager Hewlett Packard Enterprise HPE Aruba Networking Clearpass Policy Manager

Timeline

PublishedDec 3

Description

A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the user is authorized to do, including accessing the user's data and altering information within the user's permissions. This could lead to data modification, deletion, or theft, including unauthorized access to files, file …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5hewlett_packard_enterprise/hpe_aruba_networking_clearpass_policy_manager6.12.0 — 6.12.2+1

▶NVDarubanetworks/clearpass_policy_manager6.11.0 — 6.11.10+1

🔴Vulnerability Details

CVEList

Authenticated Stored Cross-Site Scripting (XSS) in HPE Aruba Networking ClearPass Policy Manager Web-based Management Interface↗2024-12-03

▶

GHSA

GHSA-chjv-79m6-ph9c: A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to co↗2024-12-03

▶