CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2021-26680
https://notcve.org/view.php?id=CVE-2021-26680
A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. Una vulnerabilidad de inyección de comando autenticada remota fue detectada en Aruba ClearPass Policy Manager versiones: Anteriores a 6.9.5, 6.8.8-HF1, 6.7.14-HF1. Una vulnerabilidad en la interfaz de administración basada en web de ClearPass permite a usuarios autenticados remotos ejecutar comandos arbitrarios en el host subyacente. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-26682
https://notcve.org/view.php?id=CVE-2021-26682
A remote reflected cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the guest portal interface of ClearPass could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the portal. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the guest portal interface. Se detectó una vulnerabilidad de tipo cross-site scripting (XSS) reflejado remoto en Aruba ClearPass Policy Manager: versiones anteriores a 6.9.5, 6.8.8-HF1, 6.7.14-HF1. Una vulnerabilidad en la interfaz del portal de invitados de ClearPass podría permitir a un atacante remoto llevar a cabo un ataque de tipo cross-site scripting (XSS) reflejado contra un usuario del portal. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-7110
https://notcve.org/view.php?id=CVE-2020-7110
ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed resulting in a privilege escalation attack. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher. ClearPass es vulnerable a un ataque de tipo Cross Site Scripting Almacenado al permitir a un administrador malicioso, o una cuenta de administrador comprometida, guardar scripts maliciosos dentro de ClearPass que podrían ser ejecutados, resultando en un ataque de escalada de privilegios. Resolución: corregido en las versiones 6.7.13, 6.8.4, 6.9.0 y posteriores. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2020-7113
https://notcve.org/view.php?id=CVE-2020-7113
A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of some of ClearPass' service accounts. Resolution: Fixed in 6.7.10, 6.8.1, 6.9.0 and higher. Se encontró una vulnerabilidad cuando un atacante, mientras se comunica con la interfaz de administración de ClearPass, es capaz de interceptar y cambiar los parámetros en los paquetes HTTP, resultando en el compromiso de algunas de las cuentas de servicio de ClearPass. Resolución: corregido en las versiones 6.7.10, 6.8.1, 6.9.0 y posteriores. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2020-7111
https://notcve.org/view.php?id=CVE-2020-7111
A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher. Hay una vulnerabilidad de inyección en el lado del servidor que podría permitir a un usuario administrativo autenticado lograr una Ejecución de Código Remota en ClearPass. Resolución: corregido en las versiones 6.7.13, 6.8.4, 6.9.0 y posteriores. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •