CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-25593 – Reflected Cross Site Scripting Vulnerabilities (XSS) in ClearPass Policy Manager Web-Based Management Interface
https://notcve.org/view.php?id=CVE-2023-25593
Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-003.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-25592 – Reflected Cross Site Scripting Vulnerabilities (XSS) in ClearPass Policy Manager Web-Based Management Interface
https://notcve.org/view.php?id=CVE-2023-25592
Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-003.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2023-25591 – Authenticated Information Disclosure in ClearPass Policy Manager Web-Based Management Interface
https://notcve.org/view.php?id=CVE-2023-25591
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further privileges on the ClearPass instance. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-003.txt •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-25590 – Local Privilege Escalation in ClearPass OnGuard Linux Agent
https://notcve.org/view.php?id=CVE-2023-25590
A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-003.txt • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-25589 – Unauthenticated Arbitrary User Creation Leads to Complete System Compromise
https://notcve.org/view.php?id=CVE-2023-25589
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to create arbitrary users on the platform. A successful exploit allows an attacker to achieve total cluster compromise. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-003.txt •