CVEdetails.com the ultimate security vulnerability data source

HP » Aruba Clearpass Policy Manager » * * * * : Security Vulnerabilities

CPE Name: cpe:2.3:a:hp:aruba_clearpass_policy_manager:*:*:*:*:*:*:*:*
| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2018-7059 | 20 | | | 2018-08-06 | 2018-10-18 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the "mon" permission could use this vulnerability to obtain cluster credentials which could allow privilege escalation. This vulnerability is only present when authenticated as a user with "mon" permission. |
| 2 | CVE-2018-7058 | 287 | | +Priv Bypass | 2018-08-06 | 2018-10-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability; an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent. |
| 3 | CVE-2018-5390 | 400 | | DoS | 2018-08-06 | 2020-09-18 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. |
| 4 | CVE-2017-9002 | 79 | | XSS +Info | 2018-08-06 | 2018-10-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross-site scripting vulnerabilities. By exploiting this vulnerability, an attacker who can trick a logged-in ClearPass administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative user click on the malicious link while currently logged into ClearPass in the same browser. |
| 5 | CVE-2017-9001 | | | Exec Code | 2018-08-06 | 2019-10-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lockout", which causes ClearPass to lock accounts with too many login failures through SSH. When this feature is enabled, an unauthenticated remote command execution vulnerability is present which could allow an unauthenticated user to execute arbitrary commands on the underlying operating system with "root" privilege level. This vulnerability is only present when a specific feature has been enabled. The SSH Lockout feature is not enabled by default, so only systems which have enabled this feature are vulnerable. |
| 6 | CVE-2017-5829 | | | Bypass | 2018-02-15 | 2019-10-03 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | An access restriction bypass vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. |
| 7 | CVE-2017-5828 | 611 | | Exec Code | 2018-02-15 | 2019-03-11 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | An arbitrary command execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. |
| 8 | CVE-2017-5827 | 79 | | XSS | 2018-02-15 | 2019-03-11 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | A reflected cross site scripting vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. |
| 9 | CVE-2017-5826 | | | Exec Code | 2018-02-15 | 2019-10-03 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. |
| 10 | CVE-2017-5825 | | | | 2018-02-15 | 2019-10-03 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. |
| 11 | CVE-2017-5824 | | | Exec Code | 2018-02-15 | 2019-03-08 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. |
Total number of vulnerabilities: 11
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.