Vulnerabilities > Arubanetworks > High

DATE CVE VULNERABILITY TITLE RISK
2018-12-07 CVE-2018-7079 Incorrect Authorization vulnerability in Arubanetworks Clearpass Policy Manager
Aruba ClearPass Policy Manager guest authorization failure.
network
low complexity
arubanetworks CWE-863
7.2
2018-12-07 CVE-2018-7067 Improper Authentication vulnerability in Arubanetworks Clearpass Policy Manager
A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise.
network
low complexity
arubanetworks CWE-287
7.2
2018-12-07 CVE-2018-7065 SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager
An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation.
network
low complexity
arubanetworks CWE-89
7.2
2018-12-07 CVE-2018-7063 XXE vulnerability in Arubanetworks Clearpass Policy Manager
In Aruba ClearPass, disabled API admins can still perform read/write operations.
network
high complexity
arubanetworks CWE-611
8.1
2018-08-06 CVE-2018-7060 Cross-Site Request Forgery (CSRF) vulnerability in Arubanetworks Clearpass
Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users.
network
low complexity
arubanetworks CWE-352
8.8
2018-01-08 CVE-2014-2071 Permissions, Privileges, and Access Controls vulnerability in Arubanetworks Clearpass
Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method.
high complexity
arubanetworks CWE-264
7.1
2017-08-29 CVE-2015-4649 Improper Access Control vulnerability in Arubanetworks Clearpass
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654.
network
low complexity
arubanetworks CWE-284
7.2
2017-08-29 CVE-2015-3657 Improper Access Control vulnerability in Arubanetworks Clearpass
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors.
network
low complexity
arubanetworks CWE-284
7.2
2017-08-29 CVE-2015-3656 Improper Authorization vulnerability in Arubanetworks Clearpass
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks.
network
low complexity
arubanetworks CWE-285
7.2
2017-08-29 CVE-2015-3655 Cross-Site Request Forgery (CSRF) vulnerability in Arubanetworks Clearpass
Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token.
network
low complexity
arubanetworks CWE-352
8.8