This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Arubanetworks First view 2013-10-01
Product Clearpass Last view 2021-04-29
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:arubanetworks:clearpass:5.1:*:*:*:*:*:*:* 35
cpe:2.3:a:arubanetworks:clearpass:6.0.1:*:*:*:*:*:*:* 35
cpe:2.3:a:arubanetworks:clearpass:5.2:*:*:*:*:*:*:* 35
cpe:2.3:a:arubanetworks:clearpass:6.0.2:*:*:*:*:*:*:* 35
cpe:2.3:a:arubanetworks:clearpass:5.0.1:*:*:*:*:*:*:* 35
cpe:2.3:a:arubanetworks:clearpass:6.1.4.61696:*:*:*:*:*:*:* 34
cpe:2.3:a:arubanetworks:clearpass:6.2.6.62196:*:*:*:*:*:*:* 34
cpe:2.3:a:arubanetworks:clearpass:6.3:*:*:*:*:*:*:* 34
cpe:2.3:a:arubanetworks:clearpass:6.2:*:*:*:*:*:*:* 34
cpe:2.3:a:arubanetworks:clearpass:6.1:*:*:*:*:*:*:* 34
cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:* 32
cpe:2.3:a:arubanetworks:clearpass:6.4.0:*:*:*:*:*:*:* 31
cpe:2.3:a:arubanetworks:clearpass:6.5.1:*:*:*:*:*:*:* 23
cpe:2.3:a:arubanetworks:clearpass:6.5:*:*:*:*:*:*:* 22
cpe:2.3:a:arubanetworks:clearpass:6.5.0:*:*:*:*:*:*:* 18
cpe:2.3:a:arubanetworks:clearpass:6.6.0:*:*:*:*:*:*:* 17
cpe:2.3:a:arubanetworks:clearpass:6.5.6:*:*:*:*:*:*:* 17
cpe:2.3:a:arubanetworks:clearpass:6.5.5:*:*:*:*:*:*:* 17
cpe:2.3:a:arubanetworks:clearpass:6.5.2:*:*:*:*:*:*:* 17
cpe:2.3:a:arubanetworks:clearpass:6.5.4:*:*:*:*:*:*:* 17
cpe:2.3:a:arubanetworks:clearpass:6.5.3:*:*:*:*:*:*:* 17
cpe:2.3:a:arubanetworks:clearpass:6.7.14:-:*:*:*:*:*:* 13

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
8.8 2021-04-29 CVE-2021-29147

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
5.4 2021-04-29 CVE-2021-29146

A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
9.8 2021-04-29 CVE-2021-29145

A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
6.5 2021-04-29 CVE-2021-29144

A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
4.8 2021-04-29 CVE-2021-29142

A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
6.5 2021-04-29 CVE-2021-29141

A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
8.2 2021-04-29 CVE-2021-29140

A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
4.8 2021-04-29 CVE-2021-29139

A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
6.5 2021-04-29 CVE-2021-29138

A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
9.8 2020-04-16 CVE-2020-7114

A vulnerability exists allowing attackers, when present in the same network segment as ClearPass' management interface, to make changes to certain databases in ClearPass by crafting HTTP packets. As a result of this attack, a possible complete cluster compromise might occur. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher.
4.9 2020-04-16 CVE-2020-7113

A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of some of ClearPass' service accounts. Resolution: Fixed in 6.7.10, 6.8.1, 6.9.0 and higher.
7.2 2020-04-16 CVE-2020-7111

A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher.
4.8 2020-04-16 CVE-2020-7110

ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed resulting in a privilege escalation attack. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher.
9.8 2019-11-06 CVE-2016-4401

Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials.
8.8 2018-08-06 CVE-2018-7060

Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. An attacker could manipulate an authenticated user into performing actions on the web administrative interface.
6.5 2018-02-27 CVE-2018-0489

Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.
7.1 2018-01-08 CVE-2014-2071

Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method.
7.2 2017-08-29 CVE-2015-4649

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654.
7.2 2017-08-29 CVE-2015-3657

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors.
7.2 2017-08-29 CVE-2015-3656

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks.
8.8 2017-08-29 CVE-2015-3655

Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token.
7.2 2017-08-29 CVE-2015-3654

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649.
7.2 2017-08-29 CVE-2015-3653

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking.
9.8 2017-06-08 CVE-2016-2034

SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0.
9 2014-11-19 CVE-2014-6627

Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342.

CWE : Common Weakness Enumeration

%idName
23% (7) CWE-284 Access Control (Authorization) Issues
20% (6) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
13% (4) CWE-200 Information Exposure
6% (2) CWE-352 Cross-Site Request Forgery (CSRF)
6% (2) CWE-264 Permissions, Privileges, and Access Controls
6% (2) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
3% (1) CWE-611 Information Leak Through XML External Entity File Disclosure
3% (1) CWE-522 Insufficiently Protected Credentials
3% (1) CWE-347 Improper Verification of Cryptographic Signature
3% (1) CWE-306 Missing Authentication for Critical Function
3% (1) CWE-285 Improper Access Control (Authorization)
3% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
3% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')

Nessus® Vulnerability Scanner

id Description
2018-02-28 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4126.nasl - Type: ACT_GATHER_INFO
2018-02-28 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_224382401bd011e8a2ec6cc21735f730.nasl - Type: ACT_GATHER_INFO