CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-6622
https://notcve.org/view.php?id=CVE-2014-6622
19 Nov 2014 — Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to determine the validity of filenames via unspecified vectors. Aruba Networks ClearPass anterior a 6.3.6 y 6.4.x anterior a 6.4.1 permite a atacantes remotos determinar la validación de nombres de archivo a través de vectores no especificados. • http://secunia.com/advisories/61916 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-6626
https://notcve.org/view.php?id=CVE-2014-6626
19 Nov 2014 — Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors. Aruba Networks ClearPass anterior a 6.3.6 y 6.4.x anterior a 6.4.1 no restringe correctamente el acceso a funciones administrativas sin especificar, lo que permite a atacantes remotos evadir la autenticación y ejecutar acciones administrativas a través de vectores ... • http://secunia.com/advisories/61916 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-6621
https://notcve.org/view.php?id=CVE-2014-6621
19 Nov 2014 — Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not disable the troubleshooting and diagnostics page in production systems, which allows remote attackers to obtain version numbers, module configuration, and other sensitive information by reading the page. Aruba Networks ClearPass anterior a 6.3.6 y 6.4.x anterior a 6.4.1 no deshabilita la página de solución de problemas y diagnóstico en los sistemas de producción, lo que permite a atacantes remotos obtener números de versión, la configurac... • http://secunia.com/advisories/61916 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-6625
https://notcve.org/view.php?id=CVE-2014-6625
19 Nov 2014 — The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors. El gestor de política en Aruba Networks ClearPass anterior a 6.3.6 y 6.4.x anterior a 6.4.1 permite a usuarios remotos autenticados ganar privilegios a través de vectores no especificados. • http://secunia.com/advisories/61916 • CWE-284: Improper Access Control •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-6624
https://notcve.org/view.php?id=CVE-2014-6624
19 Nov 2014 — The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to read arbitrary files via unspecified vectors. El módulo Insight en Aruba Networks ClearPass anterior a 6.3.6 y 6.4.x anterior a 6.4.1 permite a usuarios remotos autenticados leer ficheros arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/61916 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-6620
https://notcve.org/view.php?id=CVE-2014-6620
07 Nov 2014 — Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Aruba Networks ClearPass anterior a 6.3.6 y 6.4.x anterior a 6.4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/61916 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-6623
https://notcve.org/view.php?id=CVE-2014-6623
07 Nov 2014 — Cross-site request forgery (CSRF) vulnerability in the Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to hijack the authentication of a logged in user via unspecified vectors. Vulnerabilidad de CSRF en el módulo Insight en Aruba Networks ClearPass anterior a 6.3.6 y 6.4.x anterior a 6.4.1 permite a atacantes remotos secuestrar la autenticación de un usuario que ha iniciado sesión a través de vectores no especificados. • http://secunia.com/advisories/61916 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4031
https://notcve.org/view.php?id=CVE-2014-4031
15 Jul 2014 — The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database credentials via unspecified vectors. Policy Manager en Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x hasta 6.1.4.61696, 6.2.x hasta 6.2.6.62196 y 6.3.x anterior a 6.3.4 permite a usuarios remotos autenticados obtener las credenciales de la base de datos a través de vectores no especificados. • http://secunia.com/advisories/58936 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4013
https://notcve.org/view.php?id=CVE-2014-4013
14 Jul 2014 — SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Policy Manager en Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x hasta 6.1.4.61696, 6.2.x hasta 6.2.6.62196 y 6.3.x anterior a 6.3.4 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de ve... • http://secunia.com/advisories/58936 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •