Vulnerabilities > Arubanetworks > Clearpass Policy Manager

DATE CVE VULNERABILITY TITLE RISK
2021-02-23 CVE-2021-26678 Cross-site Scripting vulnerability in Arubanetworks Clearpass Policy Manager
A remote unauthenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1.
network
low complexity
arubanetworks CWE-79
6.1
2021-02-23 CVE-2021-26685 SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager
A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1.
network
low complexity
arubanetworks CWE-89
6.5
2020-06-03 CVE-2020-7117 Unspecified vulnerability in Arubanetworks Clearpass Policy Manager
The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution.
network
low complexity
arubanetworks
7.2
2020-06-03 CVE-2020-7116 Unspecified vulnerability in Arubanetworks Clearpass Policy Manager
The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution.
network
low complexity
arubanetworks
7.2
2020-06-03 CVE-2020-7115 Missing Authentication for Critical Function vulnerability in Arubanetworks Clearpass Policy Manager
The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass.
network
low complexity
arubanetworks CWE-306
critical
9.8
2018-12-07 CVE-2018-7079 Incorrect Authorization vulnerability in Arubanetworks Clearpass Policy Manager
Aruba ClearPass Policy Manager guest authorization failure.
network
low complexity
arubanetworks CWE-863
7.2
2018-12-07 CVE-2018-7067 Improper Authentication vulnerability in Arubanetworks Clearpass Policy Manager
A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise.
network
low complexity
arubanetworks CWE-287
7.2
2018-12-07 CVE-2018-7066 Unspecified vulnerability in Arubanetworks Clearpass Policy Manager
An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices.
network
high complexity
arubanetworks
critical
9.0
2018-12-07 CVE-2018-7065 SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager
An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation.
network
low complexity
arubanetworks CWE-89
7.2
2018-12-07 CVE-2018-7063 XXE vulnerability in Arubanetworks Clearpass Policy Manager
In Aruba ClearPass, disabled API admins can still perform read/write operations.
network
high complexity
arubanetworks CWE-611
8.1