CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2014-8367
https://notcve.org/view.php?id=CVE-2014-8367
25 Nov 2014 — SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x anterior a 6.3.6, y 6.4.x anterior a 6.4.2 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/62602 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2593
https://notcve.org/view.php?id=CVE-2014-2593
29 Aug 2014 — The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as demonstrated by the (1) system status-rasession and (2) network ping commands. La consola de gestión en Aruba Networks ClearPass Policy Manager 6.3.0.60730 permite a usuarios locales ejecutar comandos arbitrarios a través de metacaracteres de shell en ciertos argumentos de un comando válido como fue demostrado por ... • http://osvdb.org/show/osvdb/109662 • CWE-264: Permissions, Privileges, and Access Controls •