Arubanetworks Clearpass Policy Manager vulnerabilities
140 known vulnerabilities affecting arubanetworks/clearpass_policy_manager.
Total CVEs
140
CISA KEV
1
actively exploited
Public exploits
3
Exploited in wild
1
Severity breakdown
CRITICAL21HIGH73MEDIUM45LOW1
Vulnerabilities
Page 4 of 7
CVE-2022-23673HIGHCVSS 7.2≤ 6.7.14≥ 6.8.0, < 6.8.9+3 more2022-05-17
CVE-2022-23673 [HIGH] CWE-78 CVE-2022-23673: A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Mana
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-23672HIGHCVSS 7.2≤ 6.7.14≥ 6.8.0, < 6.8.9+3 more2022-05-17
CVE-2022-23672 [HIGH] CWE-78 CVE-2022-23672: A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Mana
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-23675MEDIUMCVSS 4.8≤ 6.7.14≥ 6.8.0, < 6.8.9+3 more2022-05-17
CVE-2022-23675 [MEDIUM] CWE-79 CVE-2022-23675: A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba Clear
A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-23674MEDIUMCVSS 5.4≤ 6.7.14≥ 6.8.0, < 6.8.9+3 more2022-05-17
CVE-2022-23674 [MEDIUM] CWE-79 CVE-2022-23674: A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba Clear
A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-23657CRITICALCVSS 10.0fixed in 6.8.9≥ 6.9.0, < 6.9.10+2 more2022-05-16
CVE-2022-23657 [CRITICAL] CVE-2022-23657: A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager versio
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-23661CRITICALCVSS 9.1fixed in 6.8.9≥ 6.9.0, < 6.9.10+2 more2022-05-16
CVE-2022-23661 [CRITICAL] CWE-78 CVE-2022-23661: A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Mana
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-23658CRITICALCVSS 10.0fixed in 6.8.9≥ 6.9.0, < 6.9.10+2 more2022-05-16
CVE-2022-23658 [CRITICAL] CVE-2022-23658: A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager versio
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-23665CRITICALCVSS 9.1fixed in 6.8.9≥ 6.9.0, < 6.9.10+2 more2022-05-16
CVE-2022-23665 [CRITICAL] CWE-78 CVE-2022-23665: A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Mana
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-23666CRITICALCVSS 9.1fixed in 6.8.9≥ 6.9.0, < 6.9.10+2 more2022-05-16
CVE-2022-23666 [CRITICAL] CWE-78 CVE-2022-23666: A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Mana
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-23664CRITICALCVSS 9.1fixed in 6.8.9≥ 6.9.0, < 6.9.10+2 more2022-05-16
CVE-2022-23664 [CRITICAL] CWE-78 CVE-2022-23664: A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Mana
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-23660CRITICALCVSS 10.0fixed in 6.8.9≥ 6.9.0, < 6.9.10+2 more2022-05-16
CVE-2022-23660 [CRITICAL] CVE-2022-23660: A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager versio
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-23662CRITICALCVSS 9.1fixed in 6.8.9≥ 6.9.0, < 6.9.10+2 more2022-05-16
CVE-2022-23662 [CRITICAL] CWE-78 CVE-2022-23662: A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Mana
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-23663CRITICALCVSS 9.1fixed in 6.8.9≥ 6.9.0, < 6.9.10+2 more2022-05-16
CVE-2022-23663 [CRITICAL] CWE-78 CVE-2022-23663: A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Mana
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-23667HIGHCVSS 7.2fixed in 6.8.9≥ 6.9.0, < 6.9.10+2 more2022-05-16
CVE-2022-23667 [HIGH] CWE-78 CVE-2022-23667: A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Mana
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-23659MEDIUMCVSS 6.1fixed in 6.8.9≥ 6.9.0, < 6.9.10+2 more2022-05-16
CVE-2022-23659 [MEDIUM] CWE-79 CVE-2022-23659: A remote reflected cross site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy
A remote reflected cross site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-23668MEDIUMCVSS 4.9fixed in 6.8.9≥ 6.9.0, < 6.9.10+2 more2022-05-16
CVE-2022-23668 [MEDIUM] CWE-918 CVE-2022-23668: A remote authenticated server-side request forgery (ssrf) vulnerability was discovered in Aruba Clea
A remote authenticated server-side request forgery (ssrf) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manage that address this security vulnerability.
nvd
CVE-2022-23670MEDIUMCVSS 6.5fixed in 6.8.9≥ 6.9.0, < 6.9.10+2 more2022-05-16
CVE-2022-23670 [MEDIUM] CVE-2022-23670: A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy
A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2021-37736CRITICALCVSS 9.8≥ 6.8.0, < 6.8.9≥ 6.9.0, < 6.9.7+1 more2021-10-15
CVE-2021-37736 [CRITICAL] CVE-2021-37736: A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager versio
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerabili
nvd
CVE-2021-40996CRITICALCVSS 9.8≥ 6.8.0, < 6.8.9≥ 6.9.0, < 6.9.7+3 more2021-10-15
CVE-2021-40996 [CRITICAL] CVE-2021-40996: A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager versio
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerabili
nvd
CVE-2021-40997CRITICALCVSS 9.8≥ 6.8.0, < 6.8.9≥ 6.9.0, < 6.9.7+3 more2021-10-15
CVE-2021-40997 [CRITICAL] CVE-2021-40997: A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager versio
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerabili
nvd