Hp Poly Clariti Manager vulnerabilities

CVE-2025-43485 [MEDIUM] CWE-532 CVE-2025-43485: A potential security vulnerability has been identified in the Poly Clariti Manager for versions prio A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could potentially allow a privileged user to retrieve credentials from the log files. HP has addressed the issue in the latest software update.

CVE-2025-43484 [MEDIUM] CWE-79 CVE-2025-43484: A potential reflected cross-site scripting vulnerability has been identified in the Poly Clariti Man A potential reflected cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website does not validate or sanitize the user input before rendering it in the response. HP has addressed the issue in the latest software update.

CVE-2025-43483 [MEDIUM] CWE-321 CVE-2025-43483: A potential security vulnerability has been identified in the Poly Clariti Manager for versions prio A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the retrieval of hardcoded cryptographic keys. HP has addressed the issue in the latest software update.

CVE-2025-43486 [MEDIUM] CWE-79 CVE-2025-43486: A potential stored cross-site scripting vulnerability has been identified in the Poly Clariti Manage A potential stored cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website allows user input to be stored and rendered without proper sanitization. HP has addressed the issue in the latest software update.

CVE-2025-43487 [MEDIUM] CWE-250 CVE-2025-43487: A potential privilege escalation through Sudo vulnerability has been identified in the Poly Clariti A potential privilege escalation through Sudo vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The firmware flaw does not properly implement access controls. HP has addressed the issue in the latest software update.

CVE-2025-43489 [LOW] CWE-502 CVE-2025-43489: A potential security vulnerability has been identified in the Poly Clariti Manager for versions prio A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could deserialize untrusted data without validation. HP has addressed the issue in the latest software update.

CVE-2025-43488 [LOW] CWE-79 CVE-2025-43488: A potential security vulnerability has been identified in the Poly Clariti Manager for versions prio A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a bypass of the application's XSS filter by submitting untrusted characters. HP has addressed the issue in the latest software update.

CVE-2025-43022 [HIGH] CWE-89 CVE-2025-43022: A potential SQL injection vulnerability has been identified in the Poly Clariti Manager for versions A potential SQL injection vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow a privileged user to execute SQL commands. HP has addressed the issue in the latest software update.

CVE-2025-43020 [MEDIUM] CWE-78 CVE-2025-43020: A potential command injection vulnerability has been identified in the Poly Clariti Manager for vers A potential command injection vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a privileged user to submit arbitrary input. HP has addressed the issue in the latest software update.

CVE-2025-43021 [MEDIUM] CWE-1393 CVE-2025-43021: A potential security vulnerability has been identified in the Poly Clariti Manager for versions prio A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the use and retrieval of the default password. HP has addressed the issue in the latest software update.

CVE-2024-41912 [CRITICAL] CWE-284 CVE-2024-41912: A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager device A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly implement access controls.

CVE-2024-41913 [HIGH] CWE-434 CVE-2024-41913: A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager device A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly sanitize User input.

CVE-2024-41911 [MEDIUM] CWE-79 CVE-2024-41911: A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager device A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The flaw does not properly neutralize input during a web page generation.

CVE-2024-41910 [MEDIUM] CWE-79 CVE-2024-41910: A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager device A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware contained multiple XSS vulnerabilities in the version of JavaScript used.