NotCVE - vendor:"Arubanetworks" product:"Clearpass" version:" <= 6.3.4"

Page 4 of 19 results (0.002 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2014-6620

https://notcve.org/view.php?id=CVE-2014-6620

Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Aruba Networks ClearPass anterior a 6.3.6 y 6.4.x anterior a 6.4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/61916 http://www.arubanetworks.com/support/alerts/aid-10282014.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0EPSS: 0%CPEs: 10EXPL: 0

CVE-2014-4031

https://notcve.org/view.php?id=CVE-2014-4031

The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database credentials via unspecified vectors. Policy Manager en Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x hasta 6.1.4.61696, 6.2.x hasta 6.2.6.62196 y 6.3.x anterior a 6.3.4 permite a usuarios remotos autenticados obtener las credenciales de la base de datos a través de vectores no especificados. • http://secunia.com/advisories/58936 http://www.arubanetworks.com/support/alerts/aid-07032014.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.9EPSS: 0%CPEs: 10EXPL: 0

CVE-2014-4013

https://notcve.org/view.php?id=CVE-2014-4013

SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Policy Manager en Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x hasta 6.1.4.61696, 6.2.x hasta 6.2.6.62196 y 6.3.x anterior a 6.3.4 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/58936 http://www.arubanetworks.com/support/alerts/aid-07032014.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0

CVE-2013-2269

https://notcve.org/view.php?id=CVE-2013-2269

The Sponsorship Confirmation functionality in Aruba Networks ClearPass 5.x, 6.0.1, and 6.0.2, and Amigopod/ClearPass Guest 3.0 through 3.9.7, allows remote attackers to bypass intended access restrictions and approve a request by sending a guest request, then using "parameter manipulation" in conjunction with information from a "default holding page" to discover the link that is used for sponsor approval of the guest request, then performing a direct request to that link. La funcionalidad de confirmación de patrocinio en Aruba Networks ClearPass 5.x, 6.0.1, y 6.0.2, y Amigopod/ClearPass Guest 3.0 a 3.9.7, permite a atacantes remotos sortear restricciones de acceso establecidas y aprobar peticiones mediante el envío de una solicitud de invitado, y luego usando "manipulación de parámetros" en conjunción con información de una "página holding por defecto" para descubrir el enlace que es usado para la aprobación por el patrocinador de una petición de invitado y después ejecutar una petición directa a ese enlace. • http://secunia.com/advisories/53358 http://www.arubanetworks.com/support/alerts/aid-050813.asc http://www.securityfocus.com/bid/59805 • CWE-264: Permissions, Privileges, and Access Controls •

1 2 3 4