CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-6621
https://notcve.org/view.php?id=CVE-2014-6621
19 Nov 2014 — Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not disable the troubleshooting and diagnostics page in production systems, which allows remote attackers to obtain version numbers, module configuration, and other sensitive information by reading the page. Aruba Networks ClearPass anterior a 6.3.6 y 6.4.x anterior a 6.4.1 no deshabilita la página de solución de problemas y diagnóstico en los sistemas de producción, lo que permite a atacantes remotos obtener números de versión, la configurac... • http://secunia.com/advisories/61916 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-6625
https://notcve.org/view.php?id=CVE-2014-6625
19 Nov 2014 — The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors. El gestor de política en Aruba Networks ClearPass anterior a 6.3.6 y 6.4.x anterior a 6.4.1 permite a usuarios remotos autenticados ganar privilegios a través de vectores no especificados. • http://secunia.com/advisories/61916 • CWE-284: Improper Access Control •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-6624
https://notcve.org/view.php?id=CVE-2014-6624
19 Nov 2014 — The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to read arbitrary files via unspecified vectors. El módulo Insight en Aruba Networks ClearPass anterior a 6.3.6 y 6.4.x anterior a 6.4.1 permite a usuarios remotos autenticados leer ficheros arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/61916 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-6620
https://notcve.org/view.php?id=CVE-2014-6620
07 Nov 2014 — Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Aruba Networks ClearPass anterior a 6.3.6 y 6.4.x anterior a 6.4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/61916 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-6623
https://notcve.org/view.php?id=CVE-2014-6623
07 Nov 2014 — Cross-site request forgery (CSRF) vulnerability in the Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to hijack the authentication of a logged in user via unspecified vectors. Vulnerabilidad de CSRF en el módulo Insight en Aruba Networks ClearPass anterior a 6.3.6 y 6.4.x anterior a 6.4.1 permite a atacantes remotos secuestrar la autenticación de un usuario que ha iniciado sesión a través de vectores no especificados. • http://secunia.com/advisories/61916 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4031
https://notcve.org/view.php?id=CVE-2014-4031
15 Jul 2014 — The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database credentials via unspecified vectors. Policy Manager en Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x hasta 6.1.4.61696, 6.2.x hasta 6.2.6.62196 y 6.3.x anterior a 6.3.4 permite a usuarios remotos autenticados obtener las credenciales de la base de datos a través de vectores no especificados. • http://secunia.com/advisories/58936 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4013
https://notcve.org/view.php?id=CVE-2014-4013
14 Jul 2014 — SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Policy Manager en Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x hasta 6.1.4.61696, 6.2.x hasta 6.2.6.62196 y 6.3.x anterior a 6.3.4 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de ve... • http://secunia.com/advisories/58936 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2013-2269
https://notcve.org/view.php?id=CVE-2013-2269
01 Oct 2013 — The Sponsorship Confirmation functionality in Aruba Networks ClearPass 5.x, 6.0.1, and 6.0.2, and Amigopod/ClearPass Guest 3.0 through 3.9.7, allows remote attackers to bypass intended access restrictions and approve a request by sending a guest request, then using "parameter manipulation" in conjunction with information from a "default holding page" to discover the link that is used for sponsor approval of the guest request, then performing a direct request to that link. La funcionalidad de confirmación de... • http://secunia.com/advisories/53358 • CWE-264: Permissions, Privileges, and Access Controls •