CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1392
https://notcve.org/view.php?id=CVE-2015-1392
Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerabilidades de inyección SQL en Aruba Networks ClearPass Policy Manager (CPPM) anterior a 6.4.5 permiten a administradores remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4132
https://notcve.org/view.php?id=CVE-2015-4132
Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en Aruba Networks ClearPass Policy Manager (CPPM) anterior a 6.4.5 permiten a administradores remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt http://www.securityfocus.com/bid/74852 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-6628
https://notcve.org/view.php?id=CVE-2014-6628
Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows remote administrators to execute arbitrary code via unspecified vectors. Aruba Networks ClearPass Policy Manager (CPPM) anterior a 6.5.0 permite a administradores remotos ejecutar código arbitrario a través de vectores no especificados. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1551
https://notcve.org/view.php?id=CVE-2015-1551
Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en Aruba Networks ClearPass Policy Manager (CPPM) anterior a 6.4.4 permite a administradores remotos leer ficheros arbitrarios a través de vectores no especificados. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 4CVE-2015-1389 – Aruba ClearPass Policy Manager - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-1389
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action. Vulnerabilidad de XSS en Aruba Networks ClearPass Policy Manager (CPPM) anterior a 6.4.5 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través del parámetro username en tips/tipsLoginSubmit.action. Aruba ClearPass Policy Manager version 6.4 suffers from a stored cross site scripting vulnerability. • https://www.exploit-db.com/exploits/37172 http://packetstormsecurity.com/files/132060/Aruba-ClearPass-Policy-Manager-6.4-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2015/May/115 http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt https://github.com/cmaruti/reports/blob/master/aruba_clearpass.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •