cbcvebase.

Arubanetworks Clearpass vulnerabilities

36 known vulnerabilities affecting arubanetworks/clearpass.

Total CVEs
36
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL8HIGH11MEDIUM17

Vulnerabilities

Page 1 of 2
CVE-2021-29145P2CRITICALCVSS 9.8≥ 6.7.0, < 6.7.14≥ 6.8.0, < 6.8.6+1 more2021-04-29
CVE-2021-29145 [CRITICAL] CWE-918 CVE-2021-29145: A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Ar A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2021-29147P3HIGHCVSS 8.8≥ 6.7.0, < 6.7.14≥ 6.8.0, < 6.8.8+2 more2021-04-29
CVE-2021-29147 [HIGH] CWE-78 CVE-2021-29147: A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2014-6626P3CRITICALCVSS 10.0≤ 6.3.4v6.4.02014-11-19
CVE-2014-6626 [CRITICAL] CWE-284 CVE-2014-6626: Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to un Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors.
nvd
CVE-2014-5342P3CRITICALCVSS 10.0≤ 6.3.4v6.4.02014-11-19
CVE-2014-5342 [CRITICAL] CVE-2014-5342: Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbi Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-6627.
nvd
CVE-2020-7114P3CRITICALCVSS 9.8≥ 6.7.0, < 6.7.13≥ 6.8.0, < 6.8.42020-04-16
CVE-2020-7114 [CRITICAL] CWE-306 CVE-2020-7114: A vulnerability exists allowing attackers, when present in the same network segment as ClearPass' ma A vulnerability exists allowing attackers, when present in the same network segment as ClearPass' management interface, to make changes to certain databases in ClearPass by crafting HTTP packets. As a result of this attack, a possible complete cluster compromise might occur. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher.
nvd
CVE-2016-2034P3CRITICALCVSS 9.8v6.5.0v6.5.1+6 more2017-06-08
CVE-2016-2034 [CRITICAL] CWE-89 CVE-2016-2034: SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0. SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0.
nvd
CVE-2014-6627P3CRITICALCVSS 9.0≤ 6.3.4v6.4.02014-11-19
CVE-2014-6627 [CRITICAL] CVE-2014-6627: Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbi Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342.
nvd
CVE-2016-4401P3CRITICALCVSS 9.8fixed in 6.5.7≥ 6.6.0, < 6.6.22019-11-06
CVE-2016-4401 [CRITICAL] CWE-522 CVE-2016-4401: Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain databa Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials.
nvd
CVE-2021-29140P3HIGHCVSS 8.2≥ 6.7.0, < 6.7.13≥ 6.8.0, < 6.8.42021-04-29
CVE-2021-29140 [HIGH] CWE-611 CVE-2021-29140: A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager ve A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2020-7111P3HIGHCVSS 7.2≥ 6.7.0, < 6.7.13≥ 6.8.0, < 6.8.42020-04-16
CVE-2020-7111 [HIGH] CWE-74 CVE-2020-7111: A server side injection vulnerability exists which could allow an authenticated administrative user A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher.
nvd
CVE-2014-6625P3CRITICALCVSS 9.0≤ 6.3.4v6.4.02014-11-19
CVE-2014-6625 [CRITICAL] CWE-284 CVE-2014-6625: The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote aut The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors.
nvd
CVE-2015-3653P3HIGHCVSS 7.2≤ 6.4.6v6.5+1 more2017-08-29
CVE-2015-3653 [HIGH] CWE-284 CVE-2015-3653: Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authentica Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking.
nvd
CVE-2015-4649P3HIGHCVSS 7.2≤ 6.4.6v6.5+1 more2017-08-29
CVE-2015-4649 [HIGH] CVE-2015-4649: Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authentica Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654.
nvd
CVE-2015-3654P3HIGHCVSS 7.2≤ 6.4.6v6.5+1 more2017-08-29
CVE-2015-3654 [HIGH] CWE-284 CVE-2015-3654: Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authentica Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649.
nvd
CVE-2015-3656P3HIGHCVSS 7.2≤ 6.4.6v6.5+1 more2017-08-29
CVE-2015-3656 [HIGH] CWE-285 CVE-2015-3656: Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authentica Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks.
nvd
CVE-2015-3657P3HIGHCVSS 7.2≤ 6.4.6v6.5+1 more2017-08-29
CVE-2015-3657 [HIGH] CWE-284 CVE-2015-3657: Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authentica Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors.
nvd
CVE-2018-7060P3HIGHCVSS 8.8≥ 6.6.0, < 6.6.9≥ 6.7.0, < 6.7.12018-08-06
CVE-2018-7060 [HIGH] CWE-352 CVE-2018-7060: Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. An attacker could manipulate an authenticated user into performing actions on the web administrative interface.
nvd
CVE-2015-3655P3HIGHCVSS 8.8≥ 6.4.0, < 6.4.7≥ 6.5.0, < 6.5.22017-08-29
CVE-2015-3655 [HIGH] CWE-352 CVE-2015-3655: Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6. Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token.
nvd
CVE-2021-29138P4MEDIUMCVSS 6.5≥ 6.7.0, < 6.7.5≥ 6.8.0, < 6.8.12021-04-29
CVE-2021-29138 [MEDIUM] CVE-2021-29138: A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2021-29144P4MEDIUMCVSS 6.5≥ 6.7.0, < 6.7.14≥ 6.8.0, < 6.8.52021-04-29
CVE-2021-29144 [MEDIUM] CVE-2021-29144: A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
nvd
Arubanetworks Clearpass vulnerabilities | cvebase