CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2015-3657
https://notcve.org/view.php?id=CVE-2015-3657
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors. Aruba Networks ClearPass Policy Manager en versiones anteriores a la 6.4.7 y en la versión 6.5.x anterior a la 6.5.2 permite que los administradores autenticados remotos de bajo nivel obtengan privilegios "Super Admin" mediante vectores no especificados. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-009.txt http://www.securityfocus.com/bid/100600 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2016-2034
https://notcve.org/view.php?id=CVE-2016-2034
SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0. Vulnerabilidad de inyección SQL en ClearPass Policy Manager versiones 6.5.x hasta 6.5.6 y versión 6.6.0. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-009.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 2CVE-2016-2031 – Aruba Authentication Bypass / Insecure Transport / Tons Of Issues
https://notcve.org/view.php?id=CVE-2016-2031
Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code. Se presentan múltiples vulnerabilidades en Aruba Instate versiones anteriores a 4.1.3.0 y 4.2.3.1, debido a una comprobación insuficiente de la entrada suministrada por el usuario y una comprobación insuficiente de los parámetros, lo que podría permitir a un usuario malicioso omitir las restricciones de seguridad, obtener información confidencial, llevar a cabo acciones no autorizadas y ejecutar código arbitrario. Multiple vulnerabilities were identified in Aruba AP, IAP and AMP devices. The vulnerabilities were discovered during a black box security assessment and therefore the vulnerability list should not be considered exhaustive. Several of the high severity vulnerabilities listed in this report are related to the Aruba proprietary PAPI protocol and allow remote compromise of affected devices. • http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html http://seclists.org/fulldisclosure/2016/May/19 http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt https://cert-portal.siemens.com/productcert/pdf/ssa-431802.pdf https://www.securityfocus.com/bid/90207 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 5%CPEs: 4EXPL: 2CVE-2016-2032 – Aruba Authentication Bypass / Insecure Transport / Tons Of Issues
https://notcve.org/view.php?id=CVE-2016-2032
A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672 Se presenta una vulnerabilidad en Aruba AirWave Management Platform versiones 8.x anteriores a 8.2, en la interfaz de administración de un componente de un sistema subyacente llamado RabbitMQ, lo que podría permitir a un usuario malicioso obtener información confidencial. Esta interfaz escucha sobre los puertos TCP 15672 y 55672 Multiple vulnerabilities were identified in Aruba AP, IAP and AMP devices. The vulnerabilities were discovered during a black box security assessment and therefore the vulnerability list should not be considered exhaustive. Several of the high severity vulnerabilities listed in this report are related to the Aruba proprietary PAPI protocol and allow remote compromise of affected devices. • http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html http://seclists.org/fulldisclosure/2016/May/19 http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-005.txt https://www.google.com/about/appsecurity/research • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-6628
https://notcve.org/view.php?id=CVE-2014-6628
Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows remote administrators to execute arbitrary code via unspecified vectors. Aruba Networks ClearPass Policy Manager (CPPM) anterior a 6.5.0 permite a administradores remotos ejecutar código arbitrario a través de vectores no especificados. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt •