Vulnerabilities > Arubanetworks > Clearpass Policy Manager > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-07 | CVE-2018-7065 | SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. | 6.5 |
2018-12-07 | CVE-2018-7063 | XXE vulnerability in Arubanetworks Clearpass Policy Manager In Aruba ClearPass, disabled API admins can still perform read/write operations. | 6.8 |
2015-05-28 | CVE-2015-1551 | Permissions, Privileges, and Access Controls vulnerability in Arubanetworks Clearpass Policy Manager Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors. | 4.0 |
2015-05-28 | CVE-2015-1392 | SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2015-05-28 | CVE-2015-1389 | Cross-site Scripting vulnerability in Arubanetworks Clearpass Policy Manager Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action. | 4.3 |