CVE-2021-37736
https://notcve.org/view.php?id=CVE-2021-37736
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. Se ha detectado una vulnerabilidad de omisión de autenticación remota en Aruba ClearPass Policy Manager versión(es): ClearPass Policy Manager 6.10.x anteriores a 6.10.2 - - ClearPass Policy Manager 6.9.x anteriores a 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x anteriores a 6.8.9-HF1. Aruba ha publicado parches para ClearPass Policy Manager que abordan esta vulnerabilidad de seguridad • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt •
CVE-2021-37737
https://notcve.org/view.php?id=CVE-2021-37737
A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. Se ha detectado una vulnerabilidad de inyección SQL remota en Aruba ClearPass Policy Manager versión(es): ClearPass Policy Manager 6.10.x anteriores a 6.10.2 - - ClearPass Policy Manager 6.9.x anteriores a 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x anteriores a 6.8.9-HF1. Aruba ha publicado parches para ClearPass Policy Manager que abordan esta vulnerabilidad de seguridad • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-40999
https://notcve.org/view.php?id=CVE-2021-40999
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. Se ha detectado una vulnerabilidad de ejecución remota de comandos arbitrarios en Aruba ClearPass Policy Manager las versión(es): ClearPass Policy Manager 6.10.x anteriores a 6.10.2 - - ClearPass Policy Manager 6.9.x anteriores a 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x anteriores a 6.8.9-HF1. Aruba ha publicado parches para ClearPass Policy Manager que abordan esta vulnerabilidad de seguridad • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2021-37734
https://notcve.org/view.php?id=CVE-2021-37734
A remote unauthorized read access to files vulnerability was discovered in Aruba Instant version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.19 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 and below; Aruba Instant 8.8.x.x: 8.8.0.0 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability. Se ha detectado una vulnerabilidad de acceso remoto no autorizado a archivos en Aruba Instant versiones: 6.4.x.x: 6.4.4.8-4.2.4.18 y por debajo; Aruba Instant 6.5.x.x: 6.5.4. 19 y por debajo; Aruba Instant 8.5.x.x: 8.5.0.12 y por debajo; Aruba Instant 8.6.x.x: 8.6.0.11 y por debajo; Aruba Instant 8.7.x.x: 8.7.1.3 y por debajo; Aruba Instant 8.8.x.x: 8.8.0.0 y por debajo. Aruba ha publicado parches para Aruba Instant (IAP) que abordan esta vulnerabilidad de seguridad • https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdf https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-37735
https://notcve.org/view.php?id=CVE-2021-37735
A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability. Se ha detectado una vulnerabilidad de denegación de servicio remota en Aruba Instant Aruba Instant versiones: 6.5.x.x: 6.5.4.18 y por debajo; Aruba Instant 8.5.x.x: 8.5.0.10 y por debajo; Aruba Instant 8.6.x.x: 8.6.0.4 y por debajo. Aruba ha publicado parches para Aruba Instant (IAP) que abordan esta vulnerabilidad de seguridad • https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdf https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt • CWE-134: Use of Externally-Controlled Format String •