Vulnerabilities > Arubanetworks > Clearpass > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-04-29 CVE-2021-29147 OS Command Injection vulnerability in Arubanetworks Clearpass
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1.
network
low complexity
arubanetworks CWE-78
critical
 9.0
9.0
2019-11-06 CVE-2016-4401 Insufficiently Protected Credentials vulnerability in Arubanetworks Clearpass
Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials.
network
low complexity
arubanetworks CWE-522
critical
 10.0
10
2017-08-29 CVE-2015-3653 Improper Access Control vulnerability in Arubanetworks Clearpass
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking.
network
low complexity
arubanetworks CWE-284
critical
 9.0
9.0
2017-08-29 CVE-2015-3654 Improper Access Control vulnerability in Arubanetworks Clearpass
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649.
network
low complexity
arubanetworks CWE-284
critical
 9.0
9.0
2017-08-29 CVE-2015-4649 Improper Access Control vulnerability in Arubanetworks Clearpass
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654.
network
low complexity
arubanetworks CWE-284
critical
 9.0
9.0
2014-11-19 CVE-2014-5342 Unspecified vulnerability in Arubanetworks Clearpass
Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-6627.
network
low complexity
arubanetworks
critical
 10.0
10
2014-11-19 CVE-2014-6625 Improper Access Control vulnerability in Arubanetworks Clearpass
The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors.
network
low complexity
arubanetworks CWE-284
critical
 9.0
9.0
2014-11-19 CVE-2014-6626 Improper Access Control vulnerability in Arubanetworks Clearpass
Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors.
network
low complexity
arubanetworks CWE-284
critical
 10.0
10
2014-11-19 CVE-2014-6627 Improper Access Control vulnerability in Arubanetworks Clearpass
Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342.
network
low complexity
arubanetworks CWE-284
critical
 9.0
9.0