
Arubanetworks Clearpass Policy Manager vulnerabilities

136 known vulnerabilities affecting arubanetworks/clearpass_policy_manager.

Total CVEs: 136
CISA KEV: 1 (actively exploited)
Public exploits: 3
Exploited in wild: 1
Severity breakdown: CRITICAL 20, HIGH 72, MEDIUM 43, LOW 1

Vulnerabilities

Page 6 of 7
CVE-2024-26301 | P3 | MEDIUM | CVSS 6.5 | ≥ 6.9.0, < 6.9.13; ≥ 6.10.0, < 6.10.8; +4 more | 2024-02-27
CVE-2024-26301 [MEDIUM]: A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.
nvd
CVE-2021-40989 | P3 | HIGH | CVSS 7.8 | ≥ 6.8.0, < 6.8.9; ≥ 6.9.0, < 6.9.7; +3 more | 2021-10-15
CVE-2021-40989 [HIGH]: A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2021-26686 | P3 | MEDIUM | CVSS 6.5 | fixed in 6.7.14; ≥ 6.8.0, < 6.8.7; +1 more | 2021-02-23
CVE-2021-26686 [MEDIUM] CWE-89: A remote authenticated SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could e
nvd
CVE-2015-1392 | P3 | MEDIUM | CVSS 6.5 | ≤ 6.4.4 | 2015-05-28
CVE-2015-1392 [MEDIUM] CWE-89: Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors.
nvd
CVE-2020-7123 | P3 | HIGH | CVSS 7.8 | ≥ 6.7.0, < 6.7.12; ≥ 6.8.0, < 6.8.5 | 2021-04-28
CVE-2020-7123 [HIGH]: A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2021-26685 | P3 | MEDIUM | CVSS 6.5 | ≤ 6.7.14; ≥ 6.8.0, ≤ 6.8.8; +1 more | 2021-02-23
CVE-2021-26685 [MEDIUM] CWE-89: A remote authenticated SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could e
nvd
CVE-2023-25591 | P3 | MEDIUM | CVSS 6.5 | ≥ 6.9.0, ≤ 6.9.13; ≥ 6.10.0, ≤ 6.10.8; +2 more | 2023-03-22
CVE-2023-25591 [MEDIUM] CWE-266: A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further privileges on the ClearPass instance.
nvd
CVE-2023-43508 | P3 | MEDIUM | CVSS 6.5 | fixed in 6.9.13; ≥ 6.10.0, < 6.10.8; +3 more | 2023-10-25
CVE-2023-43508 [MEDIUM] CWE-863: Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allow an attacker to complete state-changing actions in the web-based management interface tha
nvd
CVE-2021-40990 | P4 | MEDIUM | CVSS 6.5 | ≥ 6.8.0, < 6.8.9; ≥ 6.9.0, < 6.9.7; +3 more | 2021-10-15
CVE-2021-40990 [MEDIUM]: A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security
nvd
CVE-2022-23670 | P4 | MEDIUM | CVSS 6.5 | fixed in 6.8.9; ≥ 6.9.0, < 6.9.10; +2 more | 2022-05-16
CVE-2022-23670 [MEDIUM]: A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2023-43509 | P4 | MEDIUM | CVSS 5.8 | fixed in 6.9.13; ≥ 6.10.0, < 6.10.8; +3 more | 2023-10-25
CVE-2023-43509 [MEDIUM] CWE-79: A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to send notifications to computers that are running ClearPass OnGuard. These notifications can then be used to phish users or trick them into downloading malicious software.
nvd
CVE-2021-29152 | P4 | MEDIUM | CVSS 6.5 | ≥ 6.6.0, ≤ 6.6.10; ≥ 6.7.0, ≤ 6.7.14; +2 more | 2021-07-08
CVE-2021-29152 [MEDIUM]: A remote denial of service (DoS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2021-26678 | P4 | MEDIUM | CVSS 6.1 | fixed in 6.7.14; ≥ 6.8.0, < 6.8.6; +1 more | 2021-02-23
CVE-2021-26678 [MEDIUM] CWE-79: A remote unauthenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface of ClearPass could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an
nvd
CVE-2020-7120 | P4 | MEDIUM | CVSS 5.3 | fixed in 6.8.8; ≥ 6.9.0, < 6.9.3 | 2021-02-23
CVE-2020-7120 [MEDIUM] CWE-120: A local authenticated buffer overflow vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users to cause a buffer overflow condition. A successful exploit could allow a local attacker to execute arbitrary code within the c
nvd
CVE-2024-41916 | P4 | MEDIUM | CVSS 4.9 | ≤ 6.11.8; v6.12.0; +1 more | 2024-07-30
CVE-2024-41916 [MEDIUM]: A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.
nvd
CVE-2024-5486 | P4 | MEDIUM | CVSS 4.9 | ≥ 6.11, ≤ 6.11.8; v6.12.0; +1 more | 2024-07-30
CVE-2024-5486 [MEDIUM]: A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.
nvd
CVE-2023-25596 | P4 | MEDIUM | CVSS 4.9 | ≥ 6.9.0, ≤ 6.9.13; ≥ 6.10.0, ≤ 6.10.8; +2 more | 2023-03-22
CVE-2023-25596 [MEDIUM] CWE-312: A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.
nvd
CVE-2023-25592 | P4 | MEDIUM | CVSS 6.1 | ≥ 6.9.0, ≤ 6.9.13; ≥ 6.10.0, ≤ 6.10.8; +2 more | 2023-03-22
CVE-2023-25592 [MEDIUM] CWE-79: Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
nvd
CVE-2023-25593 | P4 | MEDIUM | CVSS 6.1 | ≥ 6.9.0, ≤ 6.9.13; ≥ 6.10.0, ≤ 6.10.8; +2 more | 2023-03-22
CVE-2023-25593 [MEDIUM] CWE-79: Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
nvd
CVE-2024-51773 | P4 | MEDIUM | CVSS 5.4 | ≥ 6.11.0, < 6.11.10; ≥ 6.12.0, < 6.12.3 | 2024-12-03
CVE-2024-51773 [MEDIUM] CWE-79: A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the user is authorized to do, including accessing the user's data and altering
nvd