CVSS: 10.0EPSS: 5%CPEs: 3EXPL: 0CVE-2015-4650
https://notcve.org/view.php?id=CVE-2015-4650
16 Oct 2017 — Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors. Aruba Networks ClearPass Policy Manager en versiones anteriores a la 6.4.7 y en la versión 6.5. x anterior a la 6.5.2 permite que atacantes remotos obtengan acceso shell y ejecutar código arbitrario con privilegios root mediante vectores no especificados. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-009.txt • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-6628
https://notcve.org/view.php?id=CVE-2014-6628
28 May 2015 — Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows remote administrators to execute arbitrary code via unspecified vectors. Aruba Networks ClearPass Policy Manager (CPPM) anterior a 6.5.0 permite a administradores remotos ejecutar código arbitrario a través de vectores no especificados. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1392
https://notcve.org/view.php?id=CVE-2015-1392
28 May 2015 — Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerabilidades de inyección SQL en Aruba Networks ClearPass Policy Manager (CPPM) anterior a 6.4.5 permiten a administradores remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1550
https://notcve.org/view.php?id=CVE-2015-1550
28 May 2015 — Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en Aruba Networks ClearPass Policy Manager (CPPM) anterior a 6.4.5 permite a usuarios remotos autenticados ejecutar ficheros arbitrarios a través de vectores no especificados. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1551
https://notcve.org/view.php?id=CVE-2015-1551
28 May 2015 — Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en Aruba Networks ClearPass Policy Manager (CPPM) anterior a 6.4.4 permite a administradores remotos leer ficheros arbitrarios a través de vectores no especificados. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4132
https://notcve.org/view.php?id=CVE-2015-4132
28 May 2015 — Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en Aruba Networks ClearPass Policy Manager (CPPM) anterior a 6.4.5 permiten a administradores remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 7%CPEs: 1EXPL: 5CVE-2015-1389 – Aruba ClearPass Policy Manager - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-1389
27 May 2015 — Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action. Vulnerabilidad de XSS en Aruba Networks ClearPass Policy Manager (CPPM) anterior a 6.4.5 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través del parámetro username en tips/tipsLoginSubmit.action. Aruba ClearPass Policy Manager version 6.4 suffers... • https://packetstorm.news/files/id/132060 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2014-8367
https://notcve.org/view.php?id=CVE-2014-8367
25 Nov 2014 — SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x anterior a 6.3.6, y 6.4.x anterior a 6.4.2 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/62602 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2593
https://notcve.org/view.php?id=CVE-2014-2593
29 Aug 2014 — The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as demonstrated by the (1) system status-rasession and (2) network ping commands. La consola de gestión en Aruba Networks ClearPass Policy Manager 6.3.0.60730 permite a usuarios locales ejecutar comandos arbitrarios a través de metacaracteres de shell en ciertos argumentos de un comando válido como fue demostrado por ... • http://osvdb.org/show/osvdb/109662 • CWE-264: Permissions, Privileges, and Access Controls •