cvebase

Arubanetworks Clearpass Policy Manager vulnerabilities

136 known vulnerabilities affecting arubanetworks/clearpass_policy_manager.

Total CVEs: 136
CISA KEV: 1 (actively exploited)
Public exploits: 3
Exploited in wild: 1
Severity breakdown: CRITICAL 20, HIGH 72, MEDIUM 43, LOW 1

Vulnerabilities

Page 5 of 7
CVE-2022-43535 | P3 | HIGH | CVSS 7.8 | ≥ 6.9.0, < 6.9.12; ≥ 6.10.0, < 6.10.7 | 2023-01-05
[HIGH] CWE-269: A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with NT AUTHORITY\SYSTEM level privileges on the Windows instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x
nvd
CVE-2022-23667 | P3 | HIGH | CVSS 7.2 | fixed in 6.8.9; ≥ 6.9.0, < 6.9.10; +2 more | 2022-05-16
[HIGH] CWE-78: An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2023-43510 | P3 | MEDIUM | CVSS 6.3 | fixed in 6.9.13; ≥ 6.10.0, < 6.10.8; +3 more | 2023-10-25
[MEDIUM] CWE-77: A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system leading to partial system compromise.
nvd
CVE-2018-7063 | P3 | HIGH | CVSS 8.1 | fixed in 6.6.10; ≥ 6.7.0, < 6.7.3 | 2018-12-07
[HIGH] CWE-611: In Aruba ClearPass, disabled API admins can still perform read/write operations. In certain circumstances, API admins in ClearPass which have been disabled may still be able to perform read/write operations on parts of the XML API. This can lead to unauthorized access to the API and complete compromise of the ClearPass instance if an attacker knows of t
nvd
CVE-2022-37884 | P3 | HIGH | CVSS 7.5 | ≥ 6.9.0, < 6.9.12; ≥ 6.10.0, < 6.10.7 | 2022-09-20
[HIGH] CWE-400: A vulnerability exists in the ClearPass Policy Manager Guest User Interface that can allow an unauthenticated attacker to send specific operations which result in a Denial-of-Service condition. A successful exploitation of this vulnerability results in the unavailability of the guest interface in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10
nvd
CVE-2021-40992 | P3 | HIGH | CVSS 7.2 | ≥ 6.8.0, < 6.8.9; ≥ 6.9.0, < 6.9.7; +3 more | 2021-10-15
[HIGH] CWE-89: A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2021-37738 | P3 | HIGH | CVSS 7.5 | ≥ 6.8.0, ≤ 6.8.9; ≥ 6.9.0, ≤ 6.9.7; +1 more | 2021-10-15
[HIGH] CWE-862: A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this sec
nvd
CVE-2018-7065 | P3 | HIGH | CVSS 7.2 | fixed in 6.6.10; ≥ 6.7.0, < 6.7.6 | 2018-12-07
[HIGH] CWE-89: An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could exploit this vulnerability to gain access to "appadmin" credentials, leading t
nvd
CVE-2022-23671 | P3 | HIGH | CVSS 7.5 | ≤ 6.7.14; ≥ 6.8.0, < 6.8.9; +3 more | 2022-05-17
[HIGH] A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2021-29150 | P3 | HIGH | CVSS 7.2 | ≥ 6.6.0, < 6.8.9; ≥ 6.9.0, < 6.9.6 | 2021-07-08
[HIGH] CWE-502: A remote insecure deserialization vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2018-7079 | P3 | HIGH | CVSS 7.2 | fixed in 6.6.10; ≥ 6.7.0, < 6.7.6 | 2018-12-07
[HIGH] CWE-863: Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could allow low-privilege users to view, modify, or delete guest users. Resolution
nvd
CVE-2021-40994 | P3 | MEDIUM | CVSS 6.3 | ≥ 6.8.0, < 6.8.9; ≥ 6.9.0, < 6.9.7; +3 more | 2021-10-15
[MEDIUM] CWE-77: A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security v
nvd
CVE-2021-40995 | P3 | MEDIUM | CVSS 6.3 | ≥ 6.8.0, < 6.8.9; ≥ 6.9.0, < 6.9.7; +3 more | 2021-10-15
[MEDIUM] CWE-77: A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security v
nvd
CVE-2021-26677 | P3 | HIGH | CVSS 7.8 | fixed in 6.7.14; ≥ 6.8.0, < 6.8.7; +1 more | 2021-02-23
[HIGH] A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users on a Windows platform to elevate their privileges. A successful exploit could allow an attacker to execute arbitrary code with
nvd
CVE-2021-40991 | P3 | HIGH | CVSS 7.2 | ≥ 6.8.0, < 6.8.9; ≥ 6.9.0, < 6.9.7; +3 more | 2021-10-15
[HIGH] A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vu
nvd
CVE-2021-34612 | P3 | MEDIUM | CVSS 6.3 | ≥ 6.6.0, ≤ 6.6.10; ≥ 6.7.0, ≤ 6.7.14; +2 more | 2021-07-08
[MEDIUM] CWE-78: A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2021-34615 | P3 | MEDIUM | CVSS 6.3 | ≥ 6.6.0, ≤ 6.6.10; ≥ 6.7.0, ≤ 6.7.14; +2 more | 2021-07-08
[MEDIUM] CWE-78: A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2021-34614 | P3 | MEDIUM | CVSS 6.3 | ≥ 6.6.0, ≤ 6.6.10; ≥ 6.7.0, ≤ 6.7.14; +2 more | 2021-07-08
[MEDIUM] CWE-78: A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2021-34613 | P3 | MEDIUM | CVSS 6.3 | ≥ 6.6.0, ≤ 6.6.10; ≥ 6.7.0, ≤ 6.7.14; +2 more | 2021-07-08
[MEDIUM] CWE-78: A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2021-34616 | P3 | MEDIUM | CVSS 6.3 | ≥ 6.6.0, ≤ 6.6.10; ≥ 6.7.0, ≤ 6.7.14; +2 more | 2021-07-08
[MEDIUM] CWE-78: A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd