High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-05-10	CVE-2018-7083	Information Exposure vulnerability in multiple products If a process running within Aruba Instant crashes, it may leave behind a "core dump", which contains the memory contents of the process at the time it crashed. network low complexity arubanetworks siemens CWE-200	7.5
2019-05-10	CVE-2018-7082	OS Command Injection vulnerability in multiple products A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. network low complexity arubanetworks siemens CWE-78	7.2
2018-12-07	CVE-2018-7080	Unspecified vulnerability in Arubanetworks products A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. high complexity arubanetworks	7.5
2018-12-07	CVE-2018-7079	Incorrect Authorization vulnerability in Arubanetworks Clearpass Policy Manager Aruba ClearPass Policy Manager guest authorization failure. network low complexity arubanetworks CWE-863	7.2
2018-12-07	CVE-2018-7067	Improper Authentication vulnerability in Arubanetworks Clearpass Policy Manager A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. network low complexity arubanetworks CWE-287	7.2
2018-12-07	CVE-2018-7065	SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. network low complexity arubanetworks CWE-89	7.2
2018-12-07	CVE-2018-7063	XXE vulnerability in Arubanetworks Clearpass Policy Manager In Aruba ClearPass, disabled API admins can still perform read/write operations. network high complexity arubanetworks CWE-611	8.1
2018-08-06	CVE-2018-7060	Cross-Site Request Forgery (CSRF) vulnerability in Arubanetworks Clearpass Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. network low complexity arubanetworks CWE-352	8.8
2018-01-08	CVE-2014-2071	Permissions, Privileges, and Access Controls vulnerability in Arubanetworks Clearpass Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method. high complexity arubanetworks CWE-264	7.1
2017-08-29	CVE-2015-4649	Improper Access Control vulnerability in Arubanetworks Clearpass Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654. network low complexity arubanetworks CWE-284	7.2