cvebase

Arubanetworks Clearpass Policy Manager vulnerabilities

136 known vulnerabilities affecting arubanetworks/clearpass_policy_manager.

Total CVEs: 136
CISA KEV: 1 (actively exploited)
Public exploits: 3
Exploited in wild: 1
Severity breakdown: CRITICAL 20, HIGH 72, MEDIUM 43, LOW 1

Vulnerabilities

Page 7 of 7
CVE-2022-23668 | P4 | MEDIUM | CVSS 4.9 | fixed in 6.8.9; ≥ 6.9.0, < 6.9.10; +2 more | 2022-05-16
CWE-918: A remote authenticated server-side request forgery (ssrf) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2025-23059 | P4 | MEDIUM | CVSS 4.9 | ≥ 6.11.0, < 6.11.10; ≥ 6.12.0, < 6.12.4 | 2025-02-04
CWE-22: A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and retrieve sensitive data, potentially compromising the integrity and securi
nvd
CVE-2024-26302 | P4 | MEDIUM | CVSS 4.8 | ≥ 6.9.0, < 6.9.13; ≥ 6.10.0, < 6.10.8; +4 more | 2024-02-27
CWE-276: A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Man
nvd
CVE-2021-26682 | P4 | MEDIUM | CVSS 6.1 | fixed in 6.7.14; ≥ 6.8.0, < 6.8.8; +3 more | 2021-02-23
CWE-79: A remote reflected cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the guest portal interface of ClearPass could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the portal. A successful exp
nvd
CVE-2022-23674 | P4 | MEDIUM | CVSS 5.4 | ≤ 6.7.14; ≥ 6.8.0, < 6.8.9; +3 more | 2022-05-17
CWE-79: A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-23659 | P4 | MEDIUM | CVSS 6.1 | fixed in 6.8.9; ≥ 6.9.0, < 6.9.10; +2 more | 2022-05-16
CWE-79: A remote reflected cross site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2021-29151 | P4 | MEDIUM | CVSS 4.3 | ≥ 6.6.0, ≤ 6.6.10; ≥ 6.7.0, ≤ 6.7.14; +2 more | 2021-07-08
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-43540 | P4 | MEDIUM | CVSS 5.5 | ≥ 6.9.0, < 6.9.12; ≥ 6.10.0, < 6.10.7 | 2023-01-05
CWE-200: A vulnerability exists in the ClearPass OnGuard macOS agent that allows for an attacker with local macOS instance access to potentially obtain sensitive information. A successful exploit could allow an attacker to retrieve information that is of a sensitive nature in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7
nvd
CVE-2015-1551 | P4 | MEDIUM | CVSS 4.0 | ≤ 6.4.3 | 2015-05-28
CWE-264: Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors.
nvd
CVE-2023-25595 | P4 | MEDIUM | CVSS 5.5 | ≥ 6.9.0, ≤ 6.9.13; ≥ 6.10.0, ≤ 6.10.8; +2 more | 2023-03-22
CWE-284: A vulnerability exists in the ClearPass OnGuard Ubuntu agent that allows for an attacker with local Ubuntu instance access to potentially obtain sensitive information. Successful Exploitation of this vulnerability allows an attacker to retrieve information that is of a sensitive nature to the ClearPass/OnGuard environment.
nvd
CVE-2022-43532 | P4 | MEDIUM | CVSS 4.8 | ≥ 6.9.0, < 6.9.12; ≥ 6.10.0, < 6.10.7 | 2023-01-05
CWE-79: A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affect
nvd
CVE-2024-26300 | P4 | MEDIUM | CVSS 4.8 | ≥ 6.9.0, < 6.9.13; ≥ 6.10.0, < 6.10.8; +4 more | 2024-02-27
CWE-79: A vulnerability in the guest interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
nvd
CVE-2024-26299 | P4 | MEDIUM | CVSS 4.8 | ≥ 6.9.0, < 6.9.13; ≥ 6.10.0, < 6.10.8; +4 more | 2024-02-27
CWE-79: A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affec
nvd
CVE-2022-23675 | P4 | MEDIUM | CVSS 4.8 | ≤ 6.7.14; ≥ 6.8.0, < 6.8.9; +3 more | 2022-05-17
CWE-79: A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
nvd
CVE-2022-43539 | P4 | MEDIUM | CVSS 4.5 | ≥ 6.9.0, < 6.9.12; ≥ 6.10.0, < 6.10.7 | 2023-01-05
CWE-200: A vulnerability exists in the ClearPass Policy Manager cluster communications that allow for an attacker in a privileged network position to potentially obtain sensitive information. A successful exploit could allow an attacker to retrieve information that allows for unauthorized actions as a privileged user on the ClearPass Policy Manager cluster in
nvd
CVE-2015-4132 | P4 | LOW | CVSS 3.5 | ≤ 6.4.4 | 2015-05-28
CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified vectors.
nvd