Arubanetworks Clearpass Policy Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Arubanetworks Clearpass Policy Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (136)
CVE-2022-23657 — CVSS 10.0 (critical): A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and…
CVE-2022-23660 — CVSS 10.0 (critical): A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and…
CVE-2022-23658 — CVSS 10.0 (critical): A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and…
CVE-2015-4650 — CVSS 9.8 (critical): Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute…
CVE-2021-37736 — CVSS 9.8 (critical): A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x…
CVE-2023-25589 — CVSS 9.8 (critical): A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to create…
CVE-2021-40996 — CVSS 9.8 (critical): A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x…
CVE-2021-40997 — CVSS 9.8 (critical): A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x…
CVE-2020-7115 — CVSS 9.8 (critical): The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an…
CVE-2022-23666 — CVSS 9.1 (critical): A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9…
CVE-2022-23662 — CVSS 9.1 (critical): A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9…
CVE-2022-23663 — CVSS 9.1 (critical): A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9…
CVE-2022-23664 — CVSS 9.1 (critical): A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9…
CVE-2022-23665 — CVSS 9.1 (critical): A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9…
CVE-2022-23661 — CVSS 9.1 (critical): A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9…
CVE-2018-7066 — CVSS 9.0 (critical): An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. The ClearPass OnConnect feature…
CVE-2014-2593 — CVSS 9.0 (critical): The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell…
CVE-2015-1550 — CVSS 9.0 (critical): Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute…
CVE-2014-6628 — CVSS 9.0 (critical): Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows remote administrators to execute arbitrary code via unspecified vectors.
CVE-2022-23693 — CVSS 8.8 (high): Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct…
CVE-2022-23692 — CVSS 8.8 (high): Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct…
CVE-2022-23685 — CVSS 8.8 (high): A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site…
CVE-2022-23669 — CVSS 8.8 (high): A remote authorization bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below…
CVE-2022-43531 — CVSS 8.8 (high): Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct…
CVE-2022-43530 — CVSS 8.8 (high): Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct…
CVE-2021-34609 — CVSS 8.8 (high): A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba…
CVE-2022-23696 — CVSS 8.8 (high): Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct…
CVE-2022-23695 — CVSS 8.8 (high): Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct…
CVE-2022-23694 — CVSS 8.8 (high): Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct…
CVE-2021-37737 — CVSS 8.8 (high): A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to…
CVE-2025-23058 — CVSS 8.8 (high): A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote…
CVE-2021-40993 — CVSS 8.1 (high): A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to…
CVE-2018-7063 — CVSS 8.1 (high): In Aruba ClearPass, disabled API admins can still perform read/write operations. In certain circumstances, API admins in ClearPass which…
CVE-2022-43532 — CVSS 8.0 (high): A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a…
CVE-2020-7123 — CVSS 7.8 (high): A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9…
CVE-2021-26677 — CVSS 7.8 (high): A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5…
CVE-2022-37877 — CVSS 7.8 (high): A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A…
CVE-2023-25590 — CVSS 7.8 (high): A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to…
CVE-2022-43534 — CVSS 7.8 (high): A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges. A…
CVE-2022-43533 — CVSS 7.8 (high): A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A…
CVE-2022-43535 — CVSS 7.8 (high): A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their user privileges…
CVE-2023-43506 — CVSS 7.8 (high): A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to…
CVE-2021-40989 — CVSS 7.8 (high): A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x…
CVE-2023-25591 — CVSS 7.6 (high): A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low…
CVE-2014-8367 — CVSS 7.5 (high): SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows…
CVE-2022-37884 — CVSS 7.5 (high): A vulnerability exists in the ClearPass Policy Manager Guest User Interface that can allow an unauthenticated attacker to send specific…
CVE-2022-23671 — CVSS 7.5 (high): A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below…
CVE-2021-37738 — CVSS 7.5 (high): A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy…
CVE-2021-34610 — CVSS 7.2 (high): A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and…
CVE-2018-7065 — CVSS 7.2 (high): An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass…
CVE-2018-7067 — CVSS 7.2 (high): A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all…
CVE-2018-7079 — CVSS 7.2 (high): Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce…
CVE-2020-7116 — CVSS 7.2 (high): The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already…
CVE-2020-7117 — CVSS 7.2 (high): The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already…
CVE-2021-26679 — CVSS 7.2 (high): A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5…
CVE-2021-26680 — CVSS 7.2 (high): A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5…
CVE-2021-26681 — CVSS 7.2 (high): A remote authenticated command Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5…
CVE-2021-26683 — CVSS 7.2 (high): A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5…
CVE-2021-26684 — CVSS 7.2 (high): A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5…
CVE-2021-29150 — CVSS 7.2 (high): A remote insecure deserialization vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and…
CVE-2021-34611 — CVSS 7.2 (high): A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and…
CVE-2021-37739 — CVSS 7.2 (high): A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager…
CVE-2021-40986 — CVSS 7.2 (high): A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager…
CVE-2021-40987 — CVSS 7.2 (high): A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager…
CVE-2021-40988 — CVSS 7.2 (high): A remote directory traversal vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x…
CVE-2021-40991 — CVSS 7.2 (high): A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy…
CVE-2021-40992 — CVSS 7.2 (high): A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to…
CVE-2021-40998 — CVSS 7.2 (high): A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager…
CVE-2021-40999 — CVSS 7.2 (high): A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager…
CVE-2022-23667 — CVSS 7.2 (high): A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9…
CVE-2022-23672 — CVSS 7.2 (high): A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9…
CVE-2022-23673 — CVSS 7.2 (high): A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9…
CVE-2022-37878 — CVSS 7.2 (high): Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands…
CVE-2022-37879 — CVSS 7.2 (high): Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands…
CVE-2022-37880 — CVSS 7.2 (high): Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands…
CVE-2022-37881 — CVSS 7.2 (high): Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands…
CVE-2022-37882 — CVSS 7.2 (high): Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands…
CVE-2022-37883 — CVSS 7.2 (high): Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands…
CVE-2022-43536 — CVSS 7.2 (high): Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands…
CVE-2022-43537 — CVSS 7.2 (high): Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands…
CVE-2022-43538 — CVSS 7.2 (high): Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands…
CVE-2023-43507 — CVSS 7.2 (high): A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct…
CVE-2024-26294 — CVSS 7.2 (high): Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands…
CVE-2024-26295 — CVSS 7.2 (high): Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands…
CVE-2024-26296 — CVSS 7.2 (high): Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands…
CVE-2024-26297 — CVSS 7.2 (high): Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands…
CVE-2024-26298 — CVSS 7.2 (high): Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands…
CVE-2024-41915 — CVSS 7.2 (high): A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct…
CVE-2024-51771 — CVSS 7.2 (high): A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote…
CVE-2023-25593 — CVSS 7.1 (high): Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected…
CVE-2023-25592 — CVSS 7.1 (high): Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected…
CVE-2025-23059 — CVSS 6.8 (medium): A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing…
CVE-2024-41916 — CVSS 6.8 (medium): A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive…
CVE-2024-26299 — CVSS 6.6 (medium): A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a…
CVE-2024-26300 — CVSS 6.6 (medium): A vulnerability in the guest interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored…
CVE-2025-23060 — CVSS 6.6 (medium): A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted…
CVE-2021-26686 — CVSS 6.5 (medium): A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1…
CVE-2024-26301 — CVSS 6.5 (medium): A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low…
CVE-2021-29152 — CVSS 6.5 (medium): A remote denial of service (DoS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and…
CVE-2021-40990 — CVSS 6.5 (medium): A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy…
CVE-2022-23670 — CVSS 6.5 (medium): A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below…
CVE-2021-26685 — CVSS 6.5 (medium): A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1…
CVE-2024-51772 — CVSS 6.4 (medium): An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run…
CVE-2021-34613 — CVSS 6.3 (medium): A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and…
CVE-2021-34612 — CVSS 6.3 (medium): A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and…
CVE-2023-25594 — CVSS 6.3 (medium): A vulnerability in the web-based management interface of ClearPass Policy Manager allows an attacker with read-only privileges to perform…
CVE-2023-43508 — CVSS 6.3 (medium): Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform…
CVE-2021-40995 — CVSS 6.3 (medium): A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager…
CVE-2021-40994 — CVSS 6.3 (medium): A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager…
CVE-2021-34616 — CVSS 6.3 (medium): A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and…
CVE-2021-34615 — CVSS 6.3 (medium): A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and…
CVE-2021-34614 — CVSS 6.3 (medium): A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and…
CVE-2021-26682 — CVSS 6.1 (medium): A remote reflected cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5…
CVE-2021-26678 — CVSS 6.1 (medium): A remote unauthenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior…
CVE-2022-23659 — CVSS 6.1 (medium): A remote reflected cross site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below…
CVE-2023-43509 — CVSS 5.8 (medium): A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to send…
CVE-2024-5486 — CVSS 5.8 (medium): A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive…
CVE-2022-43539 — CVSS 5.7 (medium): A vulnerability exists in the ClearPass Policy Manager cluster communications that allow for an attacker in a privileged network position…
CVE-2023-25595 — CVSS 5.5 (medium): A vulnerability exists in the ClearPass OnGuard Ubuntu agent that allows for an attacker with local Ubuntu instance access to potentially…
CVE-2022-43540 — CVSS 5.5 (medium): A vulnerability exists in the ClearPass OnGuard macOS agent that allows for an attacker with local macOS instance access to potentially…
CVE-2022-23674 — CVSS 5.4 (medium): A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4…
CVE-2020-7120 — CVSS 5.3 (medium): A local authenticated buffer overflow vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1…
CVE-2022-23668 — CVSS 4.9 (medium): A remote authenticated server-side request forgery (ssrf) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4…
CVE-2024-26302 — CVSS 4.8 (medium): A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low…
CVE-2024-51773 — CVSS 4.8 (medium): A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote…
CVE-2022-23675 — CVSS 4.8 (medium): A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4…
CVE-2025-25039 — CVSS 4.7 (medium): A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated…
CVE-2024-53672 — CVSS 4.7 (medium): A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands…
CVE-2023-43510 — CVSS 4.7 (medium): A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands…
CVE-2023-25596 — CVSS 4.5 (medium): A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive…
CVE-2015-1389 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject…
CVE-2021-29151 — CVSS 4.3 (medium): A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9…
CVE-2015-1551 — CVSS 4.0 (medium): Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read…