Arubanetworks: >> Clearpass >> 6.7.2 Security Vulnerabilities
A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher.
CVSS Score
7.2
EPSS Score
0.028
Published
2020-04-16
A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of some of ClearPass' service accounts. Resolution: Fixed in 6.7.10, 6.8.1, 6.9.0 and higher.
CVSS Score
4.9
EPSS Score
0.004
Published
2020-04-16
A vulnerability exists allowing attackers, when present in the same network segment as ClearPass' management interface, to make changes to certain databases in ClearPass by crafting HTTP packets. As a result of this attack, a possible complete cluster compromise might occur. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-04-16
Page 2