CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29152
https://notcve.org/view.php?id=CVE-2021-29152
08 Jul 2021 — A remote denial of service (DoS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. Se ha detectado una vulnerabilidad de denegación de servicio (DoS) remota en Aruba ClearPass Policy Manager version(es) : Anteriores a 6.10.0, 6.9.6 y 6.8.9. Aruba ha publicado actualizaciones de ClearPass Policy Manager que solucionan esta vulnerabilidad de seguridad • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-012.txt •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29151
https://notcve.org/view.php?id=CVE-2021-29151
08 Jul 2021 — A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. Se ha detectado una vulnerabilidad de omisión de autenticación remota en Aruba ClearPass Policy Manager version(es) : Anteriores a 6.10.0, 6.9.6 y 6.8.9. Aruba ha publicado actualizaciones de ClearPass Policy Manager que solucionan esta vulnerabilidad de seguridad • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-012.txt •
CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 0CVE-2021-29150
https://notcve.org/view.php?id=CVE-2021-29150
08 Jul 2021 — A remote insecure deserialization vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. Se ha detectado una vulnerabilidad de deserialización no segura remota en Aruba ClearPass Policy Manager version(es): Anteriores a 6.10.0, 6.9.6 y 6.8.9. Aruba ha publicado actualizaciones de ClearPass Policy Manager que solucionan esta vulnerabilidad de seguridad • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-012.txt • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-7120
https://notcve.org/view.php?id=CVE-2020-7120
23 Feb 2021 — A local authenticated buffer overflow vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users to cause a buffer overflow condition. A successful exploit could allow a local attacker to execute arbitrary code within the context the binary is running in, which is a lower privileged account. Se detectó una vulnerabilidad de desbordamiento del búfer autenticado local en Aruba Clea... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-26677
https://notcve.org/view.php?id=CVE-2021-26677
23 Feb 2021 — A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users on a Windows platform to elevate their privileges. A successful exploit could allow an attacker to execute arbitrary code with SYSTEM level privileges. Se detectó una vulnerabilidad de escalada de privilegios autenticada local en Aruba ClearPass Policy Manager versiones: Anter... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt •
CVSS: 9.0EPSS: 3%CPEs: 5EXPL: 0CVE-2021-26679
https://notcve.org/view.php?id=CVE-2021-26679
23 Feb 2021 — A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. Una vulnerabilidad de inyección de comando autentica... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 5EXPL: 0CVE-2021-26680
https://notcve.org/view.php?id=CVE-2021-26680
23 Feb 2021 — A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. Una vulnerabilidad de inyección de comando autentica... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-26678
https://notcve.org/view.php?id=CVE-2021-26678
23 Feb 2021 — A remote unauthenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface of ClearPass could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the ... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 3%CPEs: 3EXPL: 0CVE-2021-26684
https://notcve.org/view.php?id=CVE-2021-26684
23 Feb 2021 — A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. Se detectó una vulnerabilidad de inyección de comand... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-26682
https://notcve.org/view.php?id=CVE-2021-26682
23 Feb 2021 — A remote reflected cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the guest portal interface of ClearPass could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the portal. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the guest portal interface. Se detectó una vulnerabilidad ... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •