CVE-2018-7063
https://notcve.org/view.php?id=CVE-2018-7063
In Aruba ClearPass, disabled API admins can still perform read/write operations. In certain circumstances, API admins in ClearPass which have been disabled may still be able to perform read/write operations on parts of the XML API. This can lead to unauthorized access to the API and complete compromise of the ClearPass instance if an attacker knows of the existence of these accounts. En Aruba ClearPass, los administradores de la API deshabilitados pueden seguir realizando operaciones de lectura/escritura. En ciertas circunstancias, los administradores de la API en ClearPass que han sido deshabilitados podrían seguir siendo capaces de realizar operaciones de lectura/escritura en partes de la API XML. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txt • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2015-4650
https://notcve.org/view.php?id=CVE-2015-4650
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors. Aruba Networks ClearPass Policy Manager en versiones anteriores a la 6.4.7 y en la versión 6.5. x anterior a la 6.5.2 permite que atacantes remotos obtengan acceso shell y ejecutar código arbitrario con privilegios root mediante vectores no especificados. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-009.txt http://www.securityfocus.com/bid/76115 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-6628
https://notcve.org/view.php?id=CVE-2014-6628
Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows remote administrators to execute arbitrary code via unspecified vectors. Aruba Networks ClearPass Policy Manager (CPPM) anterior a 6.5.0 permite a administradores remotos ejecutar código arbitrario a través de vectores no especificados. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt •
CVE-2015-1392
https://notcve.org/view.php?id=CVE-2015-1392
Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerabilidades de inyección SQL en Aruba Networks ClearPass Policy Manager (CPPM) anterior a 6.4.5 permiten a administradores remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2015-1551
https://notcve.org/view.php?id=CVE-2015-1551
Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en Aruba Networks ClearPass Policy Manager (CPPM) anterior a 6.4.4 permite a administradores remotos leer ficheros arbitrarios a través de vectores no especificados. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt • CWE-264: Permissions, Privileges, and Access Controls •