U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:arubanetworks:clearpass:6.0.1
There are 18 matching records.
Displaying matches 1 through 18.
Vuln ID Summary CVSS Severity
CVE-2016-4401

Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials.

Published: November 06, 2019; 10:15:10 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2015-4649

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654.

Published: August 29, 2017; 11:29:00 AM -0400
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2015-3657

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors.

Published: August 29, 2017; 11:29:00 AM -0400
V3.0: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2015-3656

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks.

Published: August 29, 2017; 11:29:00 AM -0400
V3.0: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2015-3654

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649.

Published: August 29, 2017; 11:29:00 AM -0400
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2015-3653

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking.

Published: August 29, 2017; 11:29:00 AM -0400
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2014-6627

Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342.

Published: November 19, 2014; 1:59:07 PM -0500
V3.x:(not available)
V2.0: 9.0 HIGH
CVE-2014-6626

Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors.

Published: November 19, 2014; 1:59:06 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2014-6625

The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors.

Published: November 19, 2014; 1:59:04 PM -0500
V3.x:(not available)
V2.0: 9.0 HIGH
CVE-2014-6624

The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to read arbitrary files via unspecified vectors.

Published: November 19, 2014; 1:59:03 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-6622

Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to determine the validity of filenames via unspecified vectors.

Published: November 19, 2014; 1:59:02 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-6621

Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not disable the troubleshooting and diagnostics page in production systems, which allows remote attackers to obtain version numbers, module configuration, and other sensitive information by reading the page.

Published: November 19, 2014; 1:59:01 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-5342

Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-6627.

Published: November 19, 2014; 1:59:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2014-6623

Cross-site request forgery (CSRF) vulnerability in the Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to hijack the authentication of a logged in user via unspecified vectors.

Published: November 07, 2014; 2:55:04 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-6620

Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: November 07, 2014; 2:55:04 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4031

The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database credentials via unspecified vectors.

Published: July 15, 2014; 10:55:10 AM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2014-4013

SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Published: July 14, 2014; 10:55:06 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-2269

The Sponsorship Confirmation functionality in Aruba Networks ClearPass 5.x, 6.0.1, and 6.0.2, and Amigopod/ClearPass Guest 3.0 through 3.9.7, allows remote attackers to bypass intended access restrictions and approve a request by sending a guest request, then using "parameter manipulation" in conjunction with information from a "default holding page" to discover the link that is used for sponsor approval of the guest request, then performing a direct request to that link.

Published: October 01, 2013; 1:55:03 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM