Arubanetworks Clearpass — known CVE vulnerabilities
Every CVE whose affected-product data names Arubanetworks Clearpass, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (36)
CVE-2014-6626 — CVSS 10.0 (critical): Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions…
CVE-2014-5342 — CVSS 10.0 (critical): Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors…
CVE-2016-4401 — CVSS 9.8 (critical): Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials.
CVE-2021-29145 — CVSS 9.8 (critical): A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s)…
CVE-2020-7114 — CVSS 9.8 (critical): A vulnerability exists allowing attackers, when present in the same network segment as ClearPass' management interface, to make changes to…
CVE-2014-6627 — CVSS 9.0 (critical): Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors…
CVE-2014-6625 — CVSS 9.0 (critical): The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via…
CVE-2015-3655 — CVSS 8.8 (high): Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows…
CVE-2021-29147 — CVSS 8.8 (high): A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9…
CVE-2018-7060 — CVSS 8.8 (high): Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. An attacker could…
CVE-2021-29140 — CVSS 8.2 (high): A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.9…
CVE-2015-4649 — CVSS 7.2 (high): Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root…
CVE-2015-3653 — CVSS 7.2 (high): Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to…
CVE-2015-3654 — CVSS 7.2 (high): Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root…
CVE-2015-3656 — CVSS 7.2 (high): Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain…
CVE-2015-3657 — CVSS 7.2 (high): Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain…
CVE-2020-7111 — CVSS 7.2 (high): A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in…
CVE-2014-2071 — CVSS 7.1 (high): Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and…
CVE-2014-6624 — CVSS 6.8 (medium): The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to read arbitrary…
CVE-2021-29144 — CVSS 6.5 (medium): A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5…
CVE-2018-0489 — CVSS 6.5 (medium): Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles…
CVE-2021-29141 — CVSS 6.5 (medium): A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5…
CVE-2021-29138 — CVSS 6.5 (medium): A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5…
CVE-2021-29146 — CVSS 5.4 (medium): A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9…
CVE-2013-2269 — CVSS 5.0 (medium): The Sponsorship Confirmation functionality in Aruba Networks ClearPass 5.x, 6.0.1, and 6.0.2, and Amigopod/ClearPass Guest 3.0 through…
CVE-2014-6621 — CVSS 5.0 (medium): Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not disable the troubleshooting and diagnostics page in production…
CVE-2014-6622 — CVSS 5.0 (medium): Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to determine the validity of filenames via unspecified…
CVE-2014-4013 — CVSS 4.9 (medium): SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through…
CVE-2020-7113 — CVSS 4.9 (medium): A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change…
CVE-2020-7110 — CVSS 4.8 (medium): ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to…
CVE-2021-29142 — CVSS 4.8 (medium): A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9…
CVE-2021-29139 — CVSS 4.8 (medium): A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9…
CVE-2014-6623 — CVSS 4.3 (medium): Cross-site request forgery (CSRF) vulnerability in the Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1…
CVE-2014-6620 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to inject…
CVE-2014-4031 — CVSS 4.0 (medium): The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4…