CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43532
https://notcve.org/view.php?id=CVE-2022-43532
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. Una vulnerabilidad en la interfaz de administración basada en web de ClearPass Policy Manager podría permitir que un atacante remoto autenticado lleve a cabo un ataque de cross-site scripting (XSS) almacenado contra un usuario administrativo de la interfaz. Un exploit exitoso permite a un atacante ejecutar código de script arbitrario en el navegador de una víctima en el contexto de la interfaz afectada en las versiones de Aruba ClearPass Policy Manager: ClearPass Policy Manager 6.10.x: 6.10.7 y anteriores y ClearPass Policy Manager 6.9. x: 6.9.12 y anteriores. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-020.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43531
https://notcve.org/view.php?id=CVE-2022-43531
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. Las vulnerabilidades en la interfaz de administración basada en web de ClearPass Policy Manager podrían permitir que un atacante remoto autenticado realice ataques de inyección SQL contra la instancia de ClearPass Policy Manager. Un atacante podría aprovechar estas vulnerabilidades para obtener y modificar información confidencial en la base de datos subyacente, lo que podría comprometer completamente el clúster de ClearPass Policy Manager en las versiones de Aruba ClearPass Policy Manager: ClearPass Policy Manager 6.10.x: 6.10.7 y anteriores. ClearPass Policy Manager 6.9.x: 6.9.12 y anteriores. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-020.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43530
https://notcve.org/view.php?id=CVE-2022-43530
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. Las vulnerabilidades en la interfaz de administración basada en web de ClearPass Policy Manager podrían permitir que un atacante remoto autenticado realice ataques de inyección SQL contra la instancia de ClearPass Policy Manager. Un atacante podría aprovechar estas vulnerabilidades para obtener y modificar información confidencial en la base de datos subyacente, lo que podría comprometer completamente el clúster de ClearPass Policy Manager en las versiones de Aruba ClearPass Policy Manager: ClearPass Policy Manager 6.10.x: 6.10.7 y anteriores. ClearPass Policy Manager 6.9.x: 6.9.12 y anteriores. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-020.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2022-44535
https://notcve.org/view.php?id=CVE-2022-44535
A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allows remote low-privileged authenticated users to escalate their privileges to those of an administrative user. A successful exploit could allow an attacker to achieve administrative privilege on the web-management interface leading to complete system compromise in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned. Una vulnerabilidad en la interfaz de administración basada en web de Aruba EdgeConnect Enterprise Orchestrator permite a usuarios remotos autenticados con pocos privilegios escalar sus privilegios a los de un usuario administrativo. Un exploit exitoso podría permitir a un atacante obtener privilegios administrativos en la interfaz de administración web, lo que llevaría a comprometer completamente el sistema en las versiones del software Aruba EdgeConnect Enterprise Orchestration: Aruba EdgeConnect Enterprise Orchestrator (local), Aruba EdgeConnect Enterprise Orchestrator-as- a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP y Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 y versiones anteriores, - Orchestrator 9.1.4.40436 y versiones anteriores, - Orchestrator 9.0.7.40110 y versiones anteriores, - Orchestrator 8.10.23.40015 y versiones anteriores , - Cualquier rama anterior de Orchestrator que no se mencione específicamente. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-021.txt •
CVSS: 7.2EPSS: 0%CPEs: 16EXPL: 0CVE-2022-44534
https://notcve.org/view.php?id=CVE-2022-44534
A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned. Una vulnerabilidad en la interfaz de administración basada en web de Aruba EdgeConnect Enterprise Orchestrator permite a usuarios remotos autenticados ejecutar comandos arbitrarios en el host subyacente. Un exploit exitoso podría permitir a un atacante ejecutar comandos arbitrarios como root en el sistema operativo subyacente, lo que podría comprometer completamente el sistema en las versiones del software Aruba EdgeConnect Enterprise Orchestration: Aruba EdgeConnect Enterprise Orchestrator (local), Aruba EdgeConnect Enterprise Orchestrator-as -a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP y Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 y anteriores, - Orchestrator 9.1.4.40436 y anteriores, - Orchestrator 9.0.7.40110 y anteriores, - Orchestrator 8.10.23.40015 y a continuación, - Cualquier rama anterior de Orchestrator que no se mencione específicamente. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-021.txt •