Search
Total
11 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29147 | 1 Arubanetworks | 1 Clearpass | 2021-05-07 | 9.0 HIGH | 8.8 HIGH |
| A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-29140 | 1 Arubanetworks | 1 Clearpass | 2021-05-07 | 6.4 MEDIUM | 8.2 HIGH |
| A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2015-3655 | 1 Arubanetworks | 1 Clearpass | 2020-10-01 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token. | |||||
| CVE-2020-7111 | 1 Arubanetworks | 1 Clearpass | 2020-04-22 | 6.5 MEDIUM | 7.2 HIGH |
| A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher. | |||||
| CVE-2018-7060 | 1 Arubanetworks | 1 Clearpass | 2018-10-10 | 6.8 MEDIUM | 8.8 HIGH |
| Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. An attacker could manipulate an authenticated user into performing actions on the web administrative interface. | |||||
| CVE-2014-2071 | 1 Arubanetworks | 1 Clearpass | 2018-01-31 | 4.9 MEDIUM | 7.1 HIGH |
| Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method. | |||||
| CVE-2015-3657 | 1 Arubanetworks | 1 Clearpass | 2017-09-07 | 6.5 MEDIUM | 7.2 HIGH |
| Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors. | |||||
| CVE-2015-3654 | 1 Arubanetworks | 1 Clearpass | 2017-09-07 | 9.0 HIGH | 7.2 HIGH |
| Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649. | |||||
| CVE-2015-3656 | 1 Arubanetworks | 1 Clearpass | 2017-09-07 | 6.5 MEDIUM | 7.2 HIGH |
| Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks. | |||||
| CVE-2015-3653 | 1 Arubanetworks | 1 Clearpass | 2017-09-06 | 9.0 HIGH | 7.2 HIGH |
| Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking. | |||||
| CVE-2015-4649 | 1 Arubanetworks | 1 Clearpass | 2017-09-01 | 9.0 HIGH | 7.2 HIGH |
| Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654. | |||||