Aruba Networks ClearPass vulnerabilities
36 known vulnerabilities affecting arubanetworks/clearpass.
Total CVEs: 36
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 11, MEDIUM 17
Vulnerabilities
Page 2 of 2
CVE-2021-29141 | P4 | MEDIUM | CVSS 6.5 | ≥ 6.7.0, < 6.7.14; ≥ 6.8.0, < 6.8.5 | 2021-04-29
A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2014-2071 | P4 | HIGH | CVSS 7.1 | CWE-264 | ≥ 6.1, ≤ 6.1.4; ≥ 6.2, < 6.2.5.61640; +1 more | 2018-01-08
Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method.
nvd
CVE-2018-0489 | P4 | MEDIUM | CVSS 6.5 | ≥ 6.6.0, ≤ 6.6.9; ≥ 6.7.0, < 6.7.2 | 2018-02-27
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.
nvd
CVE-2014-4013 | P4 | MEDIUM | CVSS 4.9 | CWE-89 | v5.0.1; v5.1; +8 more | 2014-07-14
SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
nvd
CVE-2014-6624 | P4 | MEDIUM | CVSS 6.8 | CWE-200 | ≤ 6.3.4; v6.4.0 | 2014-11-19
The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to read arbitrary files via unspecified vectors.
nvd
CVE-2013-2269 | P4 | MEDIUM | CVSS 5.0 | CWE-264 | v5.0.1; v5.1; +3 more | 2013-10-01
The Sponsorship Confirmation functionality in Aruba Networks ClearPass 5.x, 6.0.1, and 6.0.2, and Amigopod/ClearPass Guest 3.0 through 3.9.7, allows remote attackers to bypass intended access restrictions and approve a request by sending a guest request, then using "parameter manipulation" in conjunction with information from a "default holding page."
nvd
CVE-2014-6622 | P4 | MEDIUM | CVSS 5.0 | CWE-200 | ≤ 6.3.4; v6.4.0 | 2014-11-19
Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to determine the validity of filenames via unspecified vectors.
nvd
CVE-2020-7113 | P4 | MEDIUM | CVSS 4.9 | ≥ 6.7.0, < 6.7.13; ≥ 6.8.0, < 6.8.4 | 2020-04-16
A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of some of ClearPass' service accounts. Resolution: Fixed in 6.7.10, 6.8.1, 6.9.0 and higher.
nvd
CVE-2021-29146 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ 6.7.0, < 6.7.14; ≥ 6.8.0, < 6.8.9; +2 more | 2021-04-29
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2014-6621 | P4 | MEDIUM | CVSS 5.0 | CWE-200 | ≤ 6.3.4; v6.4.0 | 2014-11-19
Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not disable the troubleshooting and diagnostics page in production systems, which allows remote attackers to obtain version numbers, module configuration, and other sensitive information by reading the page.
nvd
CVE-2020-7110 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ 6.7.0, < 6.7.13; ≥ 6.8.0, < 6.8.4 | 2020-04-16
ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed resulting in a privilege escalation attack. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher.
nvd
CVE-2021-29142 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ 6.7.0, < 6.7.14; ≥ 6.8.0, < 6.8.9; +2 more | 2021-04-29
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2021-29139 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ 6.7.0, < 6.7.14; ≥ 6.8.0, < 6.8.9; +2 more | 2021-04-29
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2014-4031 | P4 | MEDIUM | CVSS 4.0 | CWE-200 | v5.0.1; v5.1; +8 more | 2014-07-15
The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database credentials via unspecified vectors.
nvd
CVE-2014-6623 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 6.3.5; v6.4.0 | 2014-11-07
Cross-site request forgery (CSRF) vulnerability in the Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to hijack the authentication of a logged in user via unspecified vectors.
nvd
CVE-2014-6620 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 6.3.5; v6.4.0 | 2014-11-07
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd