Vulnerabilities > Arubanetworks > Clearpass Policy Manager > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-15 | CVE-2021-40997 | Unspecified vulnerability in Arubanetworks Clearpass Policy Manager A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. | 9.8 |
| 2021-10-15 | CVE-2021-40996 | Unspecified vulnerability in Arubanetworks Clearpass Policy Manager A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. | 9.8 |
| 2021-10-15 | CVE-2021-37736 | Unspecified vulnerability in Arubanetworks Clearpass Policy Manager A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. | 9.8 |
| 2020-06-03 | CVE-2020-7115 | Missing Authentication for Critical Function vulnerability in Arubanetworks Clearpass Policy Manager The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. | 9.8 |
| 2018-12-07 | CVE-2018-7066 | Unspecified vulnerability in Arubanetworks Clearpass Policy Manager An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. | 9.0 |
| 2017-10-16 | CVE-2015-4650 | Permissions, Privileges, and Access Controls vulnerability in Arubanetworks Clearpass Policy Manager Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors. | 9.8 |
| 2017-03-11 | CVE-2017-5638 | Improper Handling of Exceptional Conditions vulnerability in multiple products The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. | 9.8 |