Arubanetworks Clearpass vulnerabilities
36 known vulnerabilities affecting arubanetworks/clearpass.
Total CVEs
36
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL8HIGH11MEDIUM17
Vulnerabilities
Page 1 of 2
CVE-2021-29145CRITICALCVSS 9.8≥ 6.7.0, < 6.7.14≥ 6.8.0, < 6.8.6+1 more2021-04-29
CVE-2021-29145 [CRITICAL] CWE-918 CVE-2021-29145: A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Ar
A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2021-29147HIGHCVSS 8.8≥ 6.7.0, < 6.7.14≥ 6.8.0, < 6.8.8+2 more2021-04-29
CVE-2021-29147 [HIGH] CWE-78 CVE-2021-29147: A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2021-29140HIGHCVSS 8.2≥ 6.7.0, < 6.7.13≥ 6.8.0, < 6.8.42021-04-29
CVE-2021-29140 [HIGH] CWE-611 CVE-2021-29140: A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager ve
A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2021-29144MEDIUMCVSS 6.5≥ 6.7.0, < 6.7.14≥ 6.8.0, < 6.8.52021-04-29
CVE-2021-29144 [MEDIUM] CVE-2021-29144: A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy
A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2021-29142MEDIUMCVSS 4.8≥ 6.7.0, < 6.7.14≥ 6.8.0, < 6.8.9+2 more2021-04-29
CVE-2021-29142 [MEDIUM] CWE-79 CVE-2021-29142: A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager v
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2021-29138MEDIUMCVSS 6.5≥ 6.7.0, < 6.7.5≥ 6.8.0, < 6.8.12021-04-29
CVE-2021-29138 [MEDIUM] CVE-2021-29138: A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy
A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2021-29141MEDIUMCVSS 6.5≥ 6.7.0, < 6.7.14≥ 6.8.0, < 6.8.52021-04-29
CVE-2021-29141 [MEDIUM] CVE-2021-29141: A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy
A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2021-29139MEDIUMCVSS 4.8≥ 6.7.0, < 6.7.14≥ 6.8.0, < 6.8.9+2 more2021-04-29
CVE-2021-29139 [MEDIUM] CWE-79 CVE-2021-29139: A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager v
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2021-29146MEDIUMCVSS 5.4≥ 6.7.0, < 6.7.14≥ 6.8.0, < 6.8.9+2 more2021-04-29
CVE-2021-29146 [MEDIUM] CWE-79 CVE-2021-29146: A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager v
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2020-7114CRITICALCVSS 9.8≥ 6.7.0, < 6.7.13≥ 6.8.0, < 6.8.42020-04-16
CVE-2020-7114 [CRITICAL] CWE-306 CVE-2020-7114: A vulnerability exists allowing attackers, when present in the same network segment as ClearPass' ma
A vulnerability exists allowing attackers, when present in the same network segment as ClearPass' management interface, to make changes to certain databases in ClearPass by crafting HTTP packets. As a result of this attack, a possible complete cluster compromise might occur. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher.
nvd
CVE-2020-7111HIGHCVSS 7.2≥ 6.7.0, < 6.7.13≥ 6.8.0, < 6.8.42020-04-16
CVE-2020-7111 [HIGH] CWE-74 CVE-2020-7111: A server side injection vulnerability exists which could allow an authenticated administrative user
A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher.
nvd
CVE-2020-7110MEDIUMCVSS 4.8≥ 6.7.0, < 6.7.13≥ 6.8.0, < 6.8.42020-04-16
CVE-2020-7110 [MEDIUM] CWE-79 CVE-2020-7110: ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a c
ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed resulting in a privilege escalation attack. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher.
nvd
CVE-2020-7113MEDIUMCVSS 4.9≥ 6.7.0, < 6.7.13≥ 6.8.0, < 6.8.42020-04-16
CVE-2020-7113 [MEDIUM] CVE-2020-7113: A vulnerability was found when an attacker, while communicating with the ClearPass management interf
A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of some of ClearPass' service accounts. Resolution: Fixed in 6.7.10, 6.8.1, 6.9.0 and higher.
nvd
CVE-2016-4401CRITICALCVSS 9.8fixed in 6.5.7≥ 6.6.0, < 6.6.22019-11-06
CVE-2016-4401 [CRITICAL] CWE-522 CVE-2016-4401: Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain databa
Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials.
nvd
CVE-2018-7060HIGHCVSS 8.8≥ 6.6.0, < 6.6.9≥ 6.7.0, < 6.7.12018-08-06
CVE-2018-7060 [HIGH] CWE-352 CVE-2018-7060: Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against
Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. An attacker could manipulate an authenticated user into performing actions on the web administrative interface.
nvd
CVE-2018-0489MEDIUMCVSS 6.5≥ 6.6.0, ≤ 6.6.9≥ 6.7.0, < 6.7.22018-02-27
CVE-2018-0489 [MEDIUM] CVE-2018-0489: Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windo
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.
nvd
CVE-2014-2071HIGHCVSS 7.1≥ 6.1, ≤ 6.1.4≥ 6.2, < 6.2.5.61640+1 more2018-01-08
CVE-2014-2071 [HIGH] CWE-264 CVE-2014-2071: Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712
Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method.
nvd
CVE-2015-3657HIGHCVSS 7.2≤ 6.4.6v6.5+1 more2017-08-29
CVE-2015-3657 [HIGH] CWE-284 CVE-2015-3657: Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authentica
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors.
nvd
CVE-2015-4649HIGHCVSS 7.2≤ 6.4.6v6.5+1 more2017-08-29
CVE-2015-4649 [HIGH] CVE-2015-4649: Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authentica
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654.
nvd
CVE-2015-3654HIGHCVSS 7.2≤ 6.4.6v6.5+1 more2017-08-29
CVE-2015-3654 [HIGH] CWE-284 CVE-2015-3654: Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authentica
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649.
nvd
1 / 2Next →