Aruba Networks ClearPass Policy Manager vulnerabilities
136 known vulnerabilities affecting arubanetworks/clearpass_policy_manager.
Total CVEs: 136
CISA KEV: 1 (actively exploited)
Public exploits: 3
Exploited in wild: 1
Severity breakdown: CRITICAL 20, HIGH 72, MEDIUM 43, LOW 1
Vulnerabilities
Page 3 of 7
CVE-2022-23669 | P3 | HIGH | CVSS 8.8 | CWE-613 | ≤ 6.7.14; ≥ 6.8.0, < 6.8.9; +3 more | 2022-05-17
A remote authorization bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2021-26680 | P3 | HIGH | CVSS 7.2 | CWE-78 | fixed in 6.7.14; ≥ 6.8.0, < 6.8.8; +3 more | 2021-02-23
A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to exe
nvd
CVE-2021-26679 | P3 | HIGH | CVSS 7.2 | CWE-78 | fixed in 6.7.14; ≥ 6.8.0, < 6.8.8; +3 more | 2021-02-23
A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to exe
nvd
CVE-2021-26684 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≤ 6.7.14; ≥ 6.8.0, < 6.8.8; +1 more | 2021-02-23
A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to exe
nvd
CVE-2021-26683 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≤ 6.7.14; ≥ 6.8.0, ≤ 6.8.8; +1 more | 2021-02-23
A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to exe
nvd
CVE-2021-26681 | P3 | HIGH | CVSS 7.2 | CWE-78 | fixed in 6.7.14; ≥ 6.8.0, < 6.8.7; +1 more | 2021-02-23
A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary command
nvd
CVE-2022-23685 | P3 | HIGH | CVSS 8.8 | CWE-352 | ≥ 6.9.0, < 6.9.12; ≥ 6.10.0, < 6.10.7 | 2022-09-20
A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection. This could allow a remote unauthenticated attacker to execute arbitrary input against these endpoints if the attacker can convince an authenticated user of the interface to interac
nvd
CVE-2020-7116 | P3 | HIGH | CVSS 7.2 | ≥ 6.7.0, ≤ 6.7.13; ≥ 6.8.0, < 6.8.6; +2 more | 2020-06-03
The ClearPass Policy Manager WebUI administrative interface has an authenticated remote command execution vulnerability. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.
nvd
CVE-2020-7117 | P3 | HIGH | CVSS 7.2 | ≥ 6.7.0, ≤ 6.7.13; ≥ 6.8.0, < 6.8.6; +2 more | 2020-06-03
The ClearPass Policy Manager WebUI administrative interface has an authenticated remote command execution vulnerability. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.
nvd
CVE-2021-40993 | P3 | HIGH | CVSS 8.1 | CWE-89 | ≥ 6.8.0, < 6.8.9; ≥ 6.9.0, < 6.9.7; +3 more | 2021-10-15
A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2024-51772 | P3 | HIGH | CVSS 8.0 | CWE-77 | ≥ 6.11.0, < 6.11.10; ≥ 6.12.0, < 6.12.3 | 2024-12-03
An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.
nvd
CVE-2022-37879 | P3 | HIGH | CVSS 7.2 | CWE-77 | ≥ 6.9.0, < 6.9.12; ≥ 6.10.0, < 6.10.7 | 2022-09-20
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager ve
nvd
CVE-2022-37878 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≥ 6.9.0, < 6.9.12; ≥ 6.10.0, < 6.10.7 | 2022-09-20
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager ve
nvd
CVE-2022-37882 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≥ 6.9.0, < 6.9.12; ≥ 6.10.0, < 6.10.7 | 2022-09-20
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager ve
nvd
CVE-2022-37880 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≥ 6.9.0, < 6.9.12; ≥ 6.10.0, < 6.10.7 | 2022-09-20
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager ve
nvd
CVE-2022-37883 | P3 | HIGH | CVSS 7.2 | CWE-77 | ≥ 6.9.0, < 6.9.12; ≥ 6.10.0, < 6.10.7 | 2022-09-20
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager ve
nvd
CVE-2022-37881 | P3 | HIGH | CVSS 7.2 | CWE-77 | ≥ 6.9.0, < 6.9.12; ≥ 6.10.0, < 6.10.7 | 2022-09-20
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager ve
nvd
CVE-2015-1550 | P3 | CRITICAL | CVSS 9.0 | CWE-22 | ≤ 6.4.4 | 2015-05-28
Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors.
nvd
CVE-2014-6628 | P3 | CRITICAL | CVSS 9.0 | ≤ 6.4.5 | 2015-05-28
Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows remote administrators to execute arbitrary code via unspecified vectors.
nvd
CVE-2021-37739 | P3 | HIGH | CVSS 7.2 | CWE-77 | ≥ 6.8.0, ≤ 6.8.9; ≥ 6.9.0, ≤ 6.9.7; +1 more | 2021-10-15
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vul
nvd