CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-23660
https://notcve.org/view.php?id=CVE-2022-23660
16 May 2022 — A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. Se ha detectado una vulnerabilidad de omisión de autenticación remota en Aruba ClearPass Policy Manager versiones: 6.10.4 y anteriores, 6.9.9 y anteriores, 6.8.9-HF2 y anteriores, 6.7.x y anteriores. Aruba ha publicado actualizaciones d... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-007.txt •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-23659
https://notcve.org/view.php?id=CVE-2022-23659
16 May 2022 — A remote reflected cross site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. Se ha detectado una vulnerabilidad de tipo cross site scripting (xss) reflejado de forma remota en Aruba ClearPass Policy Manager versiones: 6.10.4 y anteriores, 6.9.9 y anteriores, 6.8.9-HF2 y anteriores, 6.7.x y anterio... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-007.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-23658
https://notcve.org/view.php?id=CVE-2022-23658
16 May 2022 — A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. Se ha detectado una vulnerabilidad de omisión de autenticación remota en Aruba ClearPass Policy Manager versiones: 6.10.4 y anteriores, 6.9.9 y anteriores, 6.8.9-HF2 y anteriores, 6.7.x y anteriores. Aruba ha publicado actualizaciones d... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-007.txt •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-23657
https://notcve.org/view.php?id=CVE-2022-23657
16 May 2022 — A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. Se ha detectado una vulnerabilidad de omisión de autenticación remota en Aruba ClearPass Policy Manage versiones: 6.10.4 y anteriores, 6.9.9 y anteriores, 6.8.9-HF2 y anteriores, 6.7.x y anteriores. Aruba ha publicado actualizaciones de... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-007.txt •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-7120
https://notcve.org/view.php?id=CVE-2020-7120
23 Feb 2021 — A local authenticated buffer overflow vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users to cause a buffer overflow condition. A successful exploit could allow a local attacker to execute arbitrary code within the context the binary is running in, which is a lower privileged account. Se detectó una vulnerabilidad de desbordamiento del búfer autenticado local en Aruba Clea... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-26677
https://notcve.org/view.php?id=CVE-2021-26677
23 Feb 2021 — A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users on a Windows platform to elevate their privileges. A successful exploit could allow an attacker to execute arbitrary code with SYSTEM level privileges. Se detectó una vulnerabilidad de escalada de privilegios autenticada local en Aruba ClearPass Policy Manager versiones: Anter... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt •
CVSS: 9.0EPSS: 3%CPEs: 5EXPL: 0CVE-2021-26679
https://notcve.org/view.php?id=CVE-2021-26679
23 Feb 2021 — A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. Una vulnerabilidad de inyección de comando autentica... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 5EXPL: 0CVE-2021-26680
https://notcve.org/view.php?id=CVE-2021-26680
23 Feb 2021 — A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. Una vulnerabilidad de inyección de comando autentica... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-26678
https://notcve.org/view.php?id=CVE-2021-26678
23 Feb 2021 — A remote unauthenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface of ClearPass could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the ... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 3%CPEs: 3EXPL: 0CVE-2021-26684
https://notcve.org/view.php?id=CVE-2021-26684
23 Feb 2021 — A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. Se detectó una vulnerabilidad de inyección de comand... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •