Vulnerabilities > Arubanetworks > Clearpass Policy Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-12-07 CVE-2018-7065 SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager
An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation.
network
low complexity
arubanetworks CWE-89
6.5
6.5
2018-12-07 CVE-2018-7063 XXE vulnerability in Arubanetworks Clearpass Policy Manager
In Aruba ClearPass, disabled API admins can still perform read/write operations. 		6.8
6.8
2015-05-28 CVE-2015-1551 Permissions, Privileges, and Access Controls vulnerability in Arubanetworks Clearpass Policy Manager
Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors.
network
low complexity
arubanetworks CWE-264
4.0
4.0
2015-05-28 CVE-2015-1392 SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager
Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
arubanetworks CWE-89
6.5
6.5
2015-05-28 CVE-2015-1389 Cross-site Scripting vulnerability in Arubanetworks Clearpass Policy Manager
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action. 		4.3
4.3