Arubanetworks Clearpass Policy Manager vulnerabilities
136 known vulnerabilities affecting arubanetworks/clearpass_policy_manager.
Total CVEs: 136
CISA KEV: 1 (actively exploited)
Public exploits: 3
Exploited in wild: 1
Severity breakdown: CRITICAL 20, HIGH 72, MEDIUM 43, LOW 1
Vulnerabilities
Page 4 of 7
CVE-2021-40987 | P3 | HIGH | CVSS 7.2 | CWE-77 | ≥ 6.8.0, < 6.8.9; ≥ 6.9.0, < 6.9.7; +3 more | 2021-10-15
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vul
nvd
CVE-2021-40998 | P3 | HIGH | CVSS 7.2 | CWE-77 | ≥ 6.8.0, < 6.8.9; ≥ 6.9.0, < 6.9.7; +3 more | 2021-10-15
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vul
nvd
CVE-2021-40986 | P3 | HIGH | CVSS 7.2 | CWE-77 | ≥ 6.8.0, < 6.8.9; ≥ 6.9.0, < 6.9.7; +3 more | 2021-10-15
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vul
nvd
CVE-2021-40999 | P3 | HIGH | CVSS 7.2 | CWE-77 | ≥ 6.8.0, < 6.8.9; ≥ 6.9.0, < 6.9.7; +1 more | 2021-10-15
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vul
nvd
CVE-2014-2593 | P3 | CRITICAL | CVSS 9.0 | CWE-264 | v6.3.0.60730 | 2014-08-29
The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as demonstrated by the (1) system status-rasession and (2) network ping commands.
nvd
CVE-2015-1389 | P4 | MEDIUM | CVSS 4.3 | PoC | CWE-79 | ≤ 6.4.4 | 2015-05-28
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action.
nvd
CVE-2021-34610 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≥ 6.6.0, ≤ 6.6.10; ≥ 6.7.0, ≤ 6.7.14; +2 more | 2021-07-08
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2021-34611 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≥ 6.6.0, ≤ 6.6.10; ≥ 6.7.0, ≤ 6.7.14; +2 more | 2021-07-08
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2014-8367 | P3 | HIGH | CVSS 7.5 | CWE-89 | ≥ 6.2.0, ≤ 6.2.6; ≥ 6.3.0, < 6.3.6; +2 more | 2014-11-25
SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
nvd
CVE-2021-40988 | P3 | HIGH | CVSS 7.2 | CWE-22 | ≥ 6.8.0, < 6.8.9; ≥ 6.9.0, < 6.9.7; +3 more | 2021-10-15
A remote directory traversal vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerabil
nvd
CVE-2018-7067 | P3 | HIGH | CVSS 7.2 | CWE-287 | fixed in 6.6.10; ≥ 6.7.0, < 6.7.6 | 2018-12-07
A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. Network access to the administrative web interface is required to exploit this vulnerability. Resolution:
nvd
CVE-2022-23673 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≤ 6.7.14; ≥ 6.8.0, < 6.8.9; +3 more | 2022-05-17
An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-23672 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≤ 6.7.14; ≥ 6.8.0, < 6.8.9; +3 more | 2022-05-17
An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2025-23060 | P3 | HIGH | CVSS 8.1 | CWE-319 | ≥ 6.11.0, < 6.11.10; ≥ 6.12.0, < 6.12.4 | 2025-02-04
A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering.
nvd
CVE-2024-53672 | P3 | MEDIUM | CVSS 6.3 | CWE-77 | ≥ 6.11.0, < 6.11.10; ≥ 6.12.0, < 6.12.3 | 2024-12-03
A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.
nvd
CVE-2022-37877 | P3 | HIGH | CVSS 7.8 | ≥ 6.9.0, < 6.9.12; ≥ 6.10.0, < 6.10.7 | 2022-09-20
A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has
nvd
CVE-2022-43533 | P3 | HIGH | CVSS 7.8 | CWE-269 | ≥ 6.9.0, < 6.9.12; ≥ 6.10.0, < 6.10.7 | 2023-01-05
A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and
nvd
CVE-2022-43534 | P3 | HIGH | CVSS 7.8 | CWE-269 | ≥ 6.9.0, < 6.9.12; ≥ 6.10.0, < 6.10.7 | 2023-01-05
A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the Linux instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below an
nvd
CVE-2023-43506 | P3 | HIGH | CVSS 7.8 | CWE-269 | fixed in 6.9.13; ≥ 6.10.0, < 6.10.8; +3 more | 2023-10-25
A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance.
nvd
CVE-2023-25590 | P3 | HIGH | CVSS 7.8 | CWE-269 | ≥ 6.9.0, ≤ 6.9.13; ≥ 6.10.0, ≤ 6.10.8; +2 more | 2023-03-22
A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance.
nvd