CVEDB API

Vulnerabilities

Vulnerable Software

Arubanetworks: >> Clearpass Policy Manager >> 6.8.8 Security Vulnerabilities

CVE-2021-29152

A remote denial of service (DoS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.

CVSS Score

6.5

EPSS Score

0.006

Published

2021-07-08

CVE-2021-34610

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.

CVSS Score

7.2

EPSS Score

0.033

Published

2021-07-08

CVE-2021-34611

CVSS Score

7.2

EPSS Score

0.025

Published

2021-07-08

CVE-2021-29150

A remote insecure deserialization vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.

CVSS Score

7.2

EPSS Score

0.014

Published

2021-07-08

CVE-2021-26680

A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.

CVSS Score

7.2

EPSS Score

0.018

Published

2021-02-23

CVE-2021-26679

CVSS Score

7.2

EPSS Score

0.033

Published

2021-02-23

CVE-2021-26682

A remote reflected cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the guest portal interface of ClearPass could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the portal. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the guest portal interface.

CVSS Score

6.1

EPSS Score

0.002

Published

2021-02-23

CVE-2021-26683

CVSS Score

7.2

EPSS Score

0.033

Published

2021-02-23

CVE-2021-26685

A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database.

CVSS Score

6.5

EPSS Score

0.002

Published

2021-02-23

Page 6

Vulnerabilities

Vulnerable Software

Arubanetworks: >> Clearpass Policy Manager >> 6.8.8 Security Vulnerabilities

Products

Pricing

Contact Us