Arubanetworks Clearpass Policy Manager vulnerabilities
136 known vulnerabilities affecting arubanetworks/clearpass_policy_manager.
Total CVEs: 136
CISA KEV: 1 (actively exploited)
Public exploits: 3
Exploited in wild: 1
Severity breakdown: CRITICAL 20, HIGH 72, MEDIUM 43, LOW 1
Vulnerabilities
Page 2 of 7
CVE-2022-23665 | P3 | CRITICAL | CVSS 9.1 | CWE-78 | fixed in 6.8.9; ≥ 6.9.0, < 6.9.10; +2 more | 2022-05-16
An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-23666 | P3 | CRITICAL | CVSS 9.1 | CWE-78 | fixed in 6.8.9; ≥ 6.9.0, < 6.9.10; +2 more | 2022-05-16
An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-23664 | P3 | CRITICAL | CVSS 9.1 | CWE-78 | fixed in 6.8.9; ≥ 6.9.0, < 6.9.10; +2 more | 2022-05-16
An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-23662 | P3 | CRITICAL | CVSS 9.1 | CWE-78 | fixed in 6.8.9; ≥ 6.9.0, < 6.9.10; +2 more | 2022-05-16
An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-23663 | P3 | CRITICAL | CVSS 9.1 | CWE-78 | fixed in 6.8.9; ≥ 6.9.0, < 6.9.10; +2 more | 2022-05-16
An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2024-41915 | P3 | HIGH | CVSS 8.8 | CWE-89 | ≥ 6.11.0, < 6.11.9; ≥ 6.12.0, < 6.12.2 | 2024-07-30
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete
nvd
CVE-2021-37737 | P3 | HIGH | CVSS 8.8 | CWE-89 | ≥ 6.8.0, < 6.8.9; ≥ 6.9.0, < 6.9.7; +1 more | 2021-10-15
A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-43530 | P3 | HIGH | CVSS 8.8 | CWE-89 | ≥ 6.9.0, < 6.9.12; ≥ 6.10.0, < 6.10.7 | 2023-01-05
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to comple
nvd
CVE-2022-43531 | P3 | HIGH | CVSS 8.8 | CWE-89 | ≥ 6.9.0, < 6.9.12; ≥ 6.10.0, < 6.10.7 | 2023-01-05
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complet
nvd
CVE-2023-43507 | P3 | HIGH | CVSS 8.8 | CWE-89 | fixed in 6.9.13; ≥ 6.10.0, < 6.10.8; +3 more | 2023-10-25
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete
nvd
CVE-2023-25594 | P3 | HIGH | CVSS 8.8 | CWE-863 | ≥ 6.9.0, ≤ 6.9.13; ≥ 6.10.0, ≤ 6.10.8; +2 more | 2023-03-22
A vulnerability in the web-based management interface of ClearPass Policy Manager allows an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of this vulnerability allows an attacker to complete state-changing actions in the web-based management interface that s
nvd
CVE-2025-23058 | P3 | HIGH | CVSS 8.1 | CWE-1390 | ≥ 6.11.0, < 6.11.10; ≥ 6.12.0, < 6.12.4 | 2025-02-04
A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged use
nvd
CVE-2021-34609 | P3 | HIGH | CVSS 8.8 | CWE-89 | ≥ 6.6.0, ≤ 6.6.10; ≥ 6.7.0, ≤ 6.7.14; +2 more | 2021-07-08
A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-23693 | P3 | HIGH | CVSS 8.8 | CWE-89 | ≥ 6.9.0, < 6.9.12; ≥ 6.10.0, < 6.10.7 | 2022-09-20
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to comple
nvd
CVE-2022-23694 | P3 | HIGH | CVSS 8.8 | CWE-89 | ≥ 6.9.0, < 6.9.12; ≥ 6.10.0, < 6.10.7 | 2022-09-20
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to comple
nvd
CVE-2022-23692 | P3 | HIGH | CVSS 8.8 | CWE-89 | ≥ 6.9.0, < 6.9.12; ≥ 6.10.0, < 6.10.7 | 2022-09-20
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to comple
nvd
CVE-2022-23695 | P3 | HIGH | CVSS 8.8 | CWE-89 | ≥ 6.9.0, < 6.9.12; ≥ 6.10.0, < 6.10.7 | 2022-09-20
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to comple
nvd
CVE-2022-23696 | P3 | HIGH | CVSS 8.8 | CWE-89 | ≥ 6.9.0, < 6.9.12; ≥ 6.10.0, < 6.10.7 | 2022-09-20
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to comple
nvd
CVE-2022-43537 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≥ 6.9.0, < 6.9.12; ≥ 6.10.0, < 6.10.7 | 2023-01-05
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager ver
nvd
CVE-2022-43538 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≥ 6.9.0, < 6.9.12; ≥ 6.10.0, < 6.10.7 | 2023-01-05
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager ver
nvd