Shodan
Vulnerabilities
Vulnerable Software
Arubanetworks:  >> Clearpass Policy Manager  >> 3.5.1  Security Vulnerabilities
CVE-2018-7079
Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could allow low-privilege users to view, modify, or delete guest users. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.
CVSS Score
7.2
EPSS Score
0.003
Published
2018-12-07
CVE-2015-4650
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.055
Published
2017-10-16
CVE-2017-5638
Known exploited
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
CVSS Score
9.8
EPSS Score
0.943
Published
2017-03-11
CVE-2015-4132
Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
3.5
EPSS Score
0.003
Published
2015-05-28
CVE-2015-1551
Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors.
CVSS Score
4.0
EPSS Score
0.002
Published
2015-05-28
CVE-2015-1550
Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors.
CVSS Score
9.0
EPSS Score
0.008
Published
2015-05-28
CVE-2015-1392
Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.002
Published
2015-05-28
CVE-2015-1389
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action.
CVSS Score
4.3
EPSS Score
0.109
Published
2015-05-28
CVE-2014-6628
Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows remote administrators to execute arbitrary code via unspecified vectors.
CVSS Score
9.0
EPSS Score
0.007
Published
2015-05-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved