Arubanetworks Clearpass Policy Manager vulnerabilities

136 known vulnerabilities affecting arubanetworks/clearpass_policy_manager.

Total CVEs: 136
CISA KEV: 1 (actively exploited)
Public exploits: 3
Exploited in wild: 1
Severity breakdown: CRITICAL 20, HIGH 72, MEDIUM 43, LOW 1

Vulnerabilities

Page 1 of 7
CVE-2017-5638 | P1 | CRITICAL | CVSS 9.8 | KEV | PoC | Ransomware | fixed in 6.6.5 | 2017-03-11
CVE-2017-5638 [CRITICAL] CWE-755: The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild i
nvd
CVE-2020-7115 | P1 | CRITICAL | CVSS 9.8 | PoC | ≥ 6.7.0, ≤ 6.7.13 | ≥ 6.8.0, < 6.8.6 | +2 more | 2020-06-03
CVE-2020-7115 [CRITICAL] CWE-306: The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.
nvd
CVE-2022-23657 | P2 | CRITICAL | CVSS 10.0 | fixed in 6.8.9 | ≥ 6.9.0, < 6.9.10 | +2 more | 2022-05-16
CVE-2022-23657 [CRITICAL]: A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2018-7066 | P2 | CRITICAL | CVSS 9.0 | fixed in 6.6.10 | ≥ 6.7.0, < 6.7.5 | 2018-12-07
CVE-2018-7066 [CRITICAL]: An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. The ClearPass OnConnect feature permits administrators to link other network devices into ClearPass for the purpose of collecting enhanced information about connected endpoints. A defect in the API could allow a remote attacker to execute arbitrary comman
nvd
CVE-2022-23658 | P2 | CRITICAL | CVSS 10.0 | fixed in 6.8.9 | ≥ 6.9.0, < 6.9.10 | +2 more | 2022-05-16
CVE-2022-23658 [CRITICAL]: A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-23660 | P2 | CRITICAL | CVSS 10.0 | fixed in 6.8.9 | ≥ 6.9.0, < 6.9.10 | +2 more | 2022-05-16
CVE-2022-23660 [CRITICAL]: A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2015-4650 | P2 | CRITICAL | CVSS 9.8 | ≤ 6.4.6 | v6.5.0 | +1 more | 2017-10-16
CVE-2015-4650 [CRITICAL] CWE-264: Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors.
nvd
CVE-2023-25589 | P2 | CRITICAL | CVSS 9.8 | ≥ 6.9.0, ≤ 6.9.13 | ≥ 6.10.0, ≤ 6.10.8 | +2 more | 2023-03-22
CVE-2023-25589 [CRITICAL] CWE-306: A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to create arbitrary users on the platform. A successful exploit allows an attacker to achieve total cluster compromise.
nvd
CVE-2022-43536 | P2 | HIGH | CVSS 8.8 | ≥ 6.9.0, < 6.9.12 | ≥ 6.10.0, < 6.10.7 | 2023-01-05
CVE-2022-43536 [HIGH] CWE-78: Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager ver
nvd
CVE-2024-26294 | P2 | HIGH | CVSS 8.8 | ≥ 6.9.0, < 6.9.13 | ≥ 6.10.0, < 6.10.8 | +4 more | 2024-02-27
CVE-2024-26294 [HIGH] CWE-77: Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
nvd
CVE-2024-26295 | P2 | HIGH | CVSS 8.8 | ≥ 6.9.0, < 6.9.13 | ≥ 6.10.0, < 6.10.8 | +4 more | 2024-02-27
CVE-2024-26295 [HIGH] CWE-77: Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
nvd
CVE-2024-26298 | P2 | HIGH | CVSS 8.8 | ≥ 6.9.0, < 6.9.13 | ≥ 6.10.0, < 6.10.8 | +4 more | 2024-02-27
CVE-2024-26298 [HIGH] CWE-77: Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
nvd
CVE-2024-26296 | P2 | HIGH | CVSS 8.8 | ≥ 6.9.0, < 6.9.13 | ≥ 6.10.0, < 6.10.8 | +4 more | 2024-02-27
CVE-2024-26296 [HIGH] CWE-77: Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
nvd
CVE-2024-26297 | P2 | HIGH | CVSS 8.8 | ≥ 6.9.0, < 6.9.13 | ≥ 6.10.0, < 6.10.8 | +4 more | 2024-02-27
CVE-2024-26297 [HIGH] CWE-77: Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
nvd
CVE-2024-51771 | P2 | HIGH | CVSS 8.8 | ≥ 6.11.0, < 6.11.10 | ≥ 6.12.0, < 6.12.3 | 2024-12-03
CVE-2024-51771 [HIGH] CWE-77: A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the underlying operating system.
nvd
CVE-2025-25039 | P2 | HIGH | CVSS 8.8 | ≥ 6.11.0, < 6.11.10 | ≥ 6.12.0, < 6.12.4 | 2025-02-04
CVE-2025-25039 [HIGH] CWE-78: A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.
nvd
CVE-2021-40996 | P2 | CRITICAL | CVSS 9.8 | ≥ 6.8.0, < 6.8.9 | ≥ 6.9.0, < 6.9.7 | +3 more | 2021-10-15
CVE-2021-40996 [CRITICAL]: A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerabili
nvd
CVE-2021-40997 | P2 | CRITICAL | CVSS 9.8 | ≥ 6.8.0, < 6.8.9 | ≥ 6.9.0, < 6.9.7 | +3 more | 2021-10-15
CVE-2021-40997 [CRITICAL]: A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerabili
nvd
CVE-2021-37736 | P2 | CRITICAL | CVSS 9.8 | ≥ 6.8.0, < 6.8.9 | ≥ 6.9.0, < 6.9.7 | +1 more | 2021-10-15
CVE-2021-37736 [CRITICAL]: A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerabili
nvd
CVE-2022-23661 | P3 | CRITICAL | CVSS 9.1 | fixed in 6.8.9 | ≥ 6.9.0, < 6.9.10 | +2 more | 2022-05-16
CVE-2022-23661 [CRITICAL] CWE-78: An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd