Vulnerabilities > CVE-2023-43508 - Incorrect Authorization vulnerability in Arubanetworks Clearpass Policy Manager

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
arubanetworks
CWE-863

Summary

Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allow an attacker to complete state-changing actions in the web-based management interface that should not be allowed by their current level of authorization on the platform.

Vulnerable Configurations

Part Description Count
Application
Arubanetworks
109

Common Weakness Enumeration (CWE)