Search

Find a vulnerability

Search criteria

    22 vulnerabilities found for aruba_clearpass_policy_manager by hp

    CVE-2018-7059 (GCVE-0-2018-7059)

    Vulnerability from nvd – Published: 2018-08-06 20:00 – Updated: 2024-08-05 06:17
    VLAI
    Summary
    Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the "mon" permission could use this vulnerability to obtain cluster credentials which could allow privilege escalation. This vulnerability is only present when authenticated as a user with "mon" permission.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    hpe
    References
    Date Public
    2018-03-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:17:17.361Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-03-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the \"mon\" permission could use this vulnerability to obtain cluster credentials which could allow privilege escalation. This vulnerability is only present when authenticated as a user with \"mon\" permission."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-06T19:57:01.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "ID": "CVE-2018-7059",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the \"mon\" permission could use this vulnerability to obtain cluster credentials which could allow privilege escalation. This vulnerability is only present when authenticated as a user with \"mon\" permission."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt",
                  "refsource": "CONFIRM",
                  "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2018-7059",
        "datePublished": "2018-08-06T20:00:00.000Z",
        "dateReserved": "2018-02-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:17:17.361Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7058 (GCVE-0-2018-7058)

    Vulnerability from nvd – Published: 2018-08-06 20:00 – Updated: 2024-08-05 06:17
    VLAI
    Summary
    Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent.
    Severity
    No CVSS data available.
    CWE
    • authentication bypass can lead to server compromise
    Assigner
    hpe
    References
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise Aruba ClearPass Affected: 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1
    Create a notification for this product.
    Date Public
    2018-03-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:17:17.489Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aruba ClearPass",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1"
                }
              ]
            }
          ],
          "datePublic": "2018-03-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "authentication bypass can lead to server compromise",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-06T19:57:01.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "ID": "CVE-2018-7058",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aruba ClearPass",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hewlett Packard Enterprise"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "authentication bypass can lead to server compromise"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt",
                  "refsource": "CONFIRM",
                  "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2018-7058",
        "datePublished": "2018-08-06T20:00:00.000Z",
        "dateReserved": "2018-02-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:17:17.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5390 (GCVE-0-2018-5390)

    Vulnerability from nvd – Published: 2018-08-06 20:00 – Updated: 2024-08-05 05:33
    VLAI
    Title
    Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service
    Summary
    Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2018:2785 vendor-advisoryx_refsource_REDHAT
    https://www.kb.cert.org/vuls/id/962459 third-party-advisoryx_refsource_CERT-VN
    https://usn.ubuntu.com/3741-2/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:2776 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2933 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2403 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2395 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3763-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:2384 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3741-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:2402 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2948 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3742-2/ vendor-advisoryx_refsource_UBUNTU
    http://www.securitytracker.com/id/1041434 vdb-entryx_refsource_SECTRACK
    https://usn.ubuntu.com/3732-2/ vendor-advisoryx_refsource_UBUNTU
    http://www.securityfocus.com/bid/104976 vdb-entryx_refsource_BID
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id/1041424 vdb-entryx_refsource_SECTRACK
    https://usn.ubuntu.com/3742-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:2924 vendor-advisoryx_refsource_REDHAT
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    https://access.redhat.com/errata/RHSA-2018:2789 vendor-advisoryx_refsource_REDHAT
    https://www.debian.org/security/2018/dsa-4266 vendor-advisoryx_refsource_DEBIAN
    https://access.redhat.com/errata/RHSA-2018:2645 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3732-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:2791 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2790 vendor-advisoryx_refsource_REDHAT
    http://www.openwall.com/lists/oss-security/2019/06/28/2 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2019/07/06/3 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2019/07/06/4 mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpujul2020.html x_refsource_MISC
    https://www.oracle.com/technetwork/security-advis… x_refsource_CONFIRM
    https://help.ecostruxureit.com/display/public/UAD… x_refsource_CONFIRM
    https://security.netapp.com/advisory/ntap-2018081… x_refsource_CONFIRM
    http://www.arubanetworks.com/assets/alert/ARUBA-P… x_refsource_CONFIRM
    https://www.synology.com/support/security/Synolog… x_refsource_CONFIRM
    https://support.f5.com/csp/article/K95343321 x_refsource_CONFIRM
    https://www.a10networks.com/support/security-advi… x_refsource_CONFIRM
    https://git.kernel.org/pub/scm/linux/kernel/git/d… x_refsource_CONFIRM
    https://support.f5.com/csp/article/K95343321?utm_… x_refsource_CONFIRM
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    http://www.huawei.com/en/psirt/security-advisorie… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Linux Linux Kernel Affected: 4.9 , < 4.9* (custom)
    Create a notification for this product.
    Date Public
    2018-07-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:33:44.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2018:2785",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2785"
              },
              {
                "name": "VU#962459",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/962459"
              },
              {
                "name": "USN-3741-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3741-2/"
              },
              {
                "name": "RHSA-2018:2776",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2776"
              },
              {
                "name": "RHSA-2018:2933",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2933"
              },
              {
                "name": "RHSA-2018:2403",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2403"
              },
              {
                "name": "RHSA-2018:2395",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2395"
              },
              {
                "name": "USN-3763-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3763-1/"
              },
              {
                "name": "RHSA-2018:2384",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2384"
              },
              {
                "name": "USN-3741-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3741-1/"
              },
              {
                "name": "RHSA-2018:2402",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2402"
              },
              {
                "name": "RHSA-2018:2948",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2948"
              },
              {
                "name": "USN-3742-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3742-2/"
              },
              {
                "name": "1041434",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041434"
              },
              {
                "name": "USN-3732-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3732-2/"
              },
              {
                "name": "104976",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104976"
              },
              {
                "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
              },
              {
                "name": "1041424",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041424"
              },
              {
                "name": "USN-3742-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3742-1/"
              },
              {
                "name": "RHSA-2018:2924",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2924"
              },
              {
                "name": "20180824 Linux and FreeBSD Kernels TCP Reassembly Denial of Service Vulnerabilities Affecting Cisco Products: August 2018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp"
              },
              {
                "name": "RHSA-2018:2789",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2789"
              },
              {
                "name": "DSA-4266",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4266"
              },
              {
                "name": "RHSA-2018:2645",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2645"
              },
              {
                "name": "USN-3732-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3732-1/"
              },
              {
                "name": "RHSA-2018:2791",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2791"
              },
              {
                "name": "RHSA-2018:2790",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2790"
              },
              {
                "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
              },
              {
                "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
              },
              {
                "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20180815-0003/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/support/security/Synology_SA_18_41"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K95343321"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp%3Butm_medium=RSS"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Linux Kernel",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "4.9*",
                  "status": "affected",
                  "version": "4.9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-07-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-15T02:22:59.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "RHSA-2018:2785",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2785"
            },
            {
              "name": "VU#962459",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/962459"
            },
            {
              "name": "USN-3741-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3741-2/"
            },
            {
              "name": "RHSA-2018:2776",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2776"
            },
            {
              "name": "RHSA-2018:2933",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2933"
            },
            {
              "name": "RHSA-2018:2403",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2403"
            },
            {
              "name": "RHSA-2018:2395",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2395"
            },
            {
              "name": "USN-3763-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3763-1/"
            },
            {
              "name": "RHSA-2018:2384",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2384"
            },
            {
              "name": "USN-3741-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3741-1/"
            },
            {
              "name": "RHSA-2018:2402",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2402"
            },
            {
              "name": "RHSA-2018:2948",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "name": "USN-3742-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3742-2/"
            },
            {
              "name": "1041434",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041434"
            },
            {
              "name": "USN-3732-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3732-2/"
            },
            {
              "name": "104976",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104976"
            },
            {
              "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
            },
            {
              "name": "1041424",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041424"
            },
            {
              "name": "USN-3742-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3742-1/"
            },
            {
              "name": "RHSA-2018:2924",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2924"
            },
            {
              "name": "20180824 Linux and FreeBSD Kernels TCP Reassembly Denial of Service Vulnerabilities Affecting Cisco Products: August 2018",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp"
            },
            {
              "name": "RHSA-2018:2789",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2789"
            },
            {
              "name": "DSA-4266",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4266"
            },
            {
              "name": "RHSA-2018:2645",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2645"
            },
            {
              "name": "USN-3732-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3732-1/"
            },
            {
              "name": "RHSA-2018:2791",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2791"
            },
            {
              "name": "RHSA-2018:2790",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2790"
            },
            {
              "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
            },
            {
              "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
            },
            {
              "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20180815-0003/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/support/security/Synology_SA_18_41"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K95343321"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp%3Butm_medium=RSS"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2018-5390",
              "STATE": "PUBLIC",
              "TITLE": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Linux Kernel",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003e=",
                                "version_affected": "\u003e=",
                                "version_name": "4.9",
                                "version_value": "4.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Linux"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2018:2785",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2785"
                },
                {
                  "name": "VU#962459",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/962459"
                },
                {
                  "name": "USN-3741-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3741-2/"
                },
                {
                  "name": "RHSA-2018:2776",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2776"
                },
                {
                  "name": "RHSA-2018:2933",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2933"
                },
                {
                  "name": "RHSA-2018:2403",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2403"
                },
                {
                  "name": "RHSA-2018:2395",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2395"
                },
                {
                  "name": "USN-3763-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3763-1/"
                },
                {
                  "name": "RHSA-2018:2384",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2384"
                },
                {
                  "name": "USN-3741-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3741-1/"
                },
                {
                  "name": "RHSA-2018:2402",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2402"
                },
                {
                  "name": "RHSA-2018:2948",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2948"
                },
                {
                  "name": "USN-3742-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3742-2/"
                },
                {
                  "name": "1041434",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041434"
                },
                {
                  "name": "USN-3732-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3732-2/"
                },
                {
                  "name": "104976",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104976"
                },
                {
                  "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
                },
                {
                  "name": "1041424",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041424"
                },
                {
                  "name": "USN-3742-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3742-1/"
                },
                {
                  "name": "RHSA-2018:2924",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2924"
                },
                {
                  "name": "20180824 Linux and FreeBSD Kernels TCP Reassembly Denial of Service Vulnerabilities Affecting Cisco Products: August 2018",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp"
                },
                {
                  "name": "RHSA-2018:2789",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2789"
                },
                {
                  "name": "DSA-4266",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4266"
                },
                {
                  "name": "RHSA-2018:2645",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2645"
                },
                {
                  "name": "USN-3732-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3732-1/"
                },
                {
                  "name": "RHSA-2018:2791",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2791"
                },
                {
                  "name": "RHSA-2018:2790",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2790"
                },
                {
                  "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
                },
                {
                  "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
                },
                {
                  "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
                },
                {
                  "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
                  "refsource": "CONFIRM",
                  "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20180815-0003/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20180815-0003/"
                },
                {
                  "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt"
                },
                {
                  "name": "https://www.synology.com/support/security/Synology_SA_18_41",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/support/security/Synology_SA_18_41"
                },
                {
                  "name": "https://support.f5.com/csp/article/K95343321",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K95343321"
                },
                {
                  "name": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack",
                  "refsource": "CONFIRM",
                  "url": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack"
                },
                {
                  "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e",
                  "refsource": "CONFIRM",
                  "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e"
                },
                {
                  "name": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp;utm_medium=RSS",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp;utm_medium=RSS"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf"
                },
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2018-5390",
        "datePublished": "2018-08-06T20:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T05:33:44.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9002 (GCVE-0-2017-9002)

    Vulnerability from nvd – Published: 2018-08-06 20:00 – Updated: 2024-08-05 16:55
    VLAI
    Summary
    All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross-site scripting vulnerabilities. By exploiting this vulnerability, an attacker who can trick a logged-in ClearPass administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into ClearPass in the same browser.
    Severity
    No CVSS data available.
    CWE
    • reflected cross-site scripting
    Assigner
    hpe
    References
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise Aruba ClearPass Affected: All versions prior to v6.6.8
    Create a notification for this product.
    Date Public
    2017-09-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:55:21.313Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aruba ClearPass",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to v6.6.8"
                }
              ]
            }
          ],
          "datePublic": "2017-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross-site scripting vulnerabilities. By exploiting this vulnerability, an attacker who can trick a logged-in ClearPass administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into ClearPass in the same browser."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "reflected cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-06T19:57:01.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "ID": "CVE-2017-9002",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aruba ClearPass",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to v6.6.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hewlett Packard Enterprise"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross-site scripting vulnerabilities. By exploiting this vulnerability, an attacker who can trick a logged-in ClearPass administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into ClearPass in the same browser."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "reflected cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txt",
                  "refsource": "CONFIRM",
                  "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2017-9002",
        "datePublished": "2018-08-06T20:00:00.000Z",
        "dateReserved": "2017-05-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:55:21.313Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9001 (GCVE-0-2017-9001)

    Vulnerability from nvd – Published: 2018-08-06 20:00 – Updated: 2024-08-05 16:55
    VLAI
    Summary
    Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lockout", which causes ClearPass to lock accounts with too many login failures through SSH. When this feature is enabled, an unauthenticated remote command execution vulnerability is present which could allow an unauthenticated user to execute arbitrary commands on the underlying operating system with "root" privilege level. This vulnerability is only present when a specific feature has been enabled. The SSH Lockout feature is not enabled by default, so only systems which have enabled this feature are vulnerable.
    Severity
    No CVSS data available.
    CWE
    • unauthenticated remote command execution
    Assigner
    hpe
    References
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise Aruba ClearPass Affected: All versions prior to 6.6.8
    Create a notification for this product.
    Date Public
    2017-09-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:55:21.846Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aruba ClearPass",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 6.6.8"
                }
              ]
            }
          ],
          "datePublic": "2017-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Aruba ClearPass 6.6.3 and later includes a feature called \"SSH Lockout\", which causes ClearPass to lock accounts with too many login failures through SSH. When this feature is enabled, an unauthenticated remote command execution vulnerability is present which could allow an unauthenticated user to execute arbitrary commands on the underlying operating system with \"root\" privilege level. This vulnerability is only present when a specific feature has been enabled. The SSH Lockout feature is not enabled by default, so only systems which have enabled this feature are vulnerable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "unauthenticated remote command execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-06T19:57:01.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "ID": "CVE-2017-9001",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aruba ClearPass",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 6.6.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hewlett Packard Enterprise"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Aruba ClearPass 6.6.3 and later includes a feature called \"SSH Lockout\", which causes ClearPass to lock accounts with too many login failures through SSH. When this feature is enabled, an unauthenticated remote command execution vulnerability is present which could allow an unauthenticated user to execute arbitrary commands on the underlying operating system with \"root\" privilege level. This vulnerability is only present when a specific feature has been enabled. The SSH Lockout feature is not enabled by default, so only systems which have enabled this feature are vulnerable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "unauthenticated remote command execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txt",
                  "refsource": "CONFIRM",
                  "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2017-9001",
        "datePublished": "2018-08-06T20:00:00.000Z",
        "dateReserved": "2017-05-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:55:21.846Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-5829 (GCVE-0-2017-5829)

    Vulnerability from nvd – Published: 2018-02-15 22:00 – Updated: 2024-09-17 01:46
    VLAI
    Summary
    An access restriction bypass vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
    Severity
    No CVSS data available.
    CWE
    • access restriction bypass
    Assigner
    hpe
    References
    Impacted products
    Date Public
    2017-05-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:11:48.918Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
              },
              {
                "name": "98722",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98722"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aruba ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.x"
                }
              ]
            }
          ],
          "datePublic": "2017-05-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An access restriction bypass vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "access restriction bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-07T10:57:01.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
            },
            {
              "name": "98722",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98722"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "DATE_PUBLIC": "2017-05-25T00:00:00",
              "ID": "CVE-2017-5829",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aruba ClearPass Policy Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hewlett Packard Enterprise"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An access restriction bypass vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "access restriction bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
                },
                {
                  "name": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
                },
                {
                  "name": "98722",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98722"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2017-5829",
        "datePublished": "2018-02-15T22:00:00.000Z",
        "dateReserved": "2017-02-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:46:38.917Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-5828 (GCVE-0-2017-5828)

    Vulnerability from nvd – Published: 2018-02-15 22:00 – Updated: 2024-09-16 19:14
    VLAI
    Summary
    An arbitrary command execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
    Severity
    No CVSS data available.
    CWE
    • arbitrary command execution
    Assigner
    hpe
    References
    Impacted products
    Date Public
    2017-05-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:11:48.791Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
              },
              {
                "name": "98722",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98722"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aruba ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.x"
                }
              ]
            }
          ],
          "datePublic": "2017-05-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An arbitrary command execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "arbitrary command execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-07T10:57:01.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
            },
            {
              "name": "98722",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98722"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "DATE_PUBLIC": "2017-05-25T00:00:00",
              "ID": "CVE-2017-5828",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aruba ClearPass Policy Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hewlett Packard Enterprise"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An arbitrary command execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "arbitrary command execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
                },
                {
                  "name": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
                },
                {
                  "name": "98722",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98722"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2017-5828",
        "datePublished": "2018-02-15T22:00:00.000Z",
        "dateReserved": "2017-02-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:14:39.994Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-5827 (GCVE-0-2017-5827)

    Vulnerability from nvd – Published: 2018-02-15 22:00 – Updated: 2024-09-16 18:08
    VLAI
    Summary
    A reflected cross site scripting vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
    Severity
    No CVSS data available.
    CWE
    • reflected cross site scripting
    Assigner
    hpe
    References
    Impacted products
    Date Public
    2017-05-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:11:48.730Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
              },
              {
                "name": "98722",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98722"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aruba ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.x"
                }
              ]
            }
          ],
          "datePublic": "2017-05-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A reflected cross site scripting vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "reflected cross site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-07T10:57:01.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
            },
            {
              "name": "98722",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98722"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "DATE_PUBLIC": "2017-05-25T00:00:00",
              "ID": "CVE-2017-5827",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aruba ClearPass Policy Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hewlett Packard Enterprise"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A reflected cross site scripting vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "reflected cross site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
                },
                {
                  "name": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
                },
                {
                  "name": "98722",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98722"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2017-5827",
        "datePublished": "2018-02-15T22:00:00.000Z",
        "dateReserved": "2017-02-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:08:55.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-5826 (GCVE-0-2017-5826)

    Vulnerability from nvd – Published: 2018-02-15 22:00 – Updated: 2024-09-16 23:50
    VLAI
    Summary
    An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
    Severity
    No CVSS data available.
    CWE
    • authenticated remote code execution
    Assigner
    hpe
    References
    Impacted products
    Date Public
    2017-05-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:11:48.785Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
              },
              {
                "name": "98722",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98722"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aruba ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.x"
                }
              ]
            }
          ],
          "datePublic": "2017-05-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "authenticated remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-07T10:57:01.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
            },
            {
              "name": "98722",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98722"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "DATE_PUBLIC": "2017-05-25T00:00:00",
              "ID": "CVE-2017-5826",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aruba ClearPass Policy Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hewlett Packard Enterprise"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "authenticated remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
                },
                {
                  "name": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
                },
                {
                  "name": "98722",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98722"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2017-5826",
        "datePublished": "2018-02-15T22:00:00.000Z",
        "dateReserved": "2017-02-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:50:47.692Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-5825 (GCVE-0-2017-5825)

    Vulnerability from nvd – Published: 2018-02-15 22:00 – Updated: 2024-09-16 17:04
    VLAI
    Summary
    A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
    Severity
    No CVSS data available.
    CWE
    • privilage escalation
    Assigner
    hpe
    References
    Impacted products
    Date Public
    2017-05-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:11:48.712Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
              },
              {
                "name": "98722",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98722"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aruba ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.x"
                }
              ]
            }
          ],
          "datePublic": "2017-05-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "privilage escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-07T10:57:01.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
            },
            {
              "name": "98722",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98722"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "DATE_PUBLIC": "2017-05-25T00:00:00",
              "ID": "CVE-2017-5825",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aruba ClearPass Policy Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hewlett Packard Enterprise"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "privilage escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
                },
                {
                  "name": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
                },
                {
                  "name": "98722",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98722"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2017-5825",
        "datePublished": "2018-02-15T22:00:00.000Z",
        "dateReserved": "2017-02-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:04:02.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-5824 (GCVE-0-2017-5824)

    Vulnerability from nvd – Published: 2018-02-15 22:00 – Updated: 2024-09-17 02:36
    VLAI
    Summary
    An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
    Severity
    No CVSS data available.
    CWE
    • unathenticated remote code execution
    Assigner
    hpe
    References
    Impacted products
    Date Public
    2017-05-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:11:48.849Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
              },
              {
                "name": "98722",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98722"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aruba ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.x"
                }
              ]
            }
          ],
          "datePublic": "2017-05-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "unathenticated remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-07T10:57:01.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
            },
            {
              "name": "98722",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98722"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "DATE_PUBLIC": "2017-05-25T00:00:00",
              "ID": "CVE-2017-5824",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aruba ClearPass Policy Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hewlett Packard Enterprise"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "unathenticated remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
                },
                {
                  "name": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
                },
                {
                  "name": "98722",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98722"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2017-5824",
        "datePublished": "2018-02-15T22:00:00.000Z",
        "dateReserved": "2017-02-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:36:57.469Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5390 (GCVE-0-2018-5390)

    Vulnerability from cvelistv5 – Published: 2018-08-06 20:00 – Updated: 2024-08-05 05:33
    VLAI
    Title
    Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service
    Summary
    Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2018:2785 vendor-advisoryx_refsource_REDHAT
    https://www.kb.cert.org/vuls/id/962459 third-party-advisoryx_refsource_CERT-VN
    https://usn.ubuntu.com/3741-2/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:2776 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2933 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2403 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2395 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3763-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:2384 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3741-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:2402 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2948 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3742-2/ vendor-advisoryx_refsource_UBUNTU
    http://www.securitytracker.com/id/1041434 vdb-entryx_refsource_SECTRACK
    https://usn.ubuntu.com/3732-2/ vendor-advisoryx_refsource_UBUNTU
    http://www.securityfocus.com/bid/104976 vdb-entryx_refsource_BID
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id/1041424 vdb-entryx_refsource_SECTRACK
    https://usn.ubuntu.com/3742-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:2924 vendor-advisoryx_refsource_REDHAT
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    https://access.redhat.com/errata/RHSA-2018:2789 vendor-advisoryx_refsource_REDHAT
    https://www.debian.org/security/2018/dsa-4266 vendor-advisoryx_refsource_DEBIAN
    https://access.redhat.com/errata/RHSA-2018:2645 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3732-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:2791 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2790 vendor-advisoryx_refsource_REDHAT
    http://www.openwall.com/lists/oss-security/2019/06/28/2 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2019/07/06/3 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2019/07/06/4 mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpujul2020.html x_refsource_MISC
    https://www.oracle.com/technetwork/security-advis… x_refsource_CONFIRM
    https://help.ecostruxureit.com/display/public/UAD… x_refsource_CONFIRM
    https://security.netapp.com/advisory/ntap-2018081… x_refsource_CONFIRM
    http://www.arubanetworks.com/assets/alert/ARUBA-P… x_refsource_CONFIRM
    https://www.synology.com/support/security/Synolog… x_refsource_CONFIRM
    https://support.f5.com/csp/article/K95343321 x_refsource_CONFIRM
    https://www.a10networks.com/support/security-advi… x_refsource_CONFIRM
    https://git.kernel.org/pub/scm/linux/kernel/git/d… x_refsource_CONFIRM
    https://support.f5.com/csp/article/K95343321?utm_… x_refsource_CONFIRM
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    http://www.huawei.com/en/psirt/security-advisorie… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Linux Linux Kernel Affected: 4.9 , < 4.9* (custom)
    Create a notification for this product.
    Date Public
    2018-07-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:33:44.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2018:2785",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2785"
              },
              {
                "name": "VU#962459",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/962459"
              },
              {
                "name": "USN-3741-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3741-2/"
              },
              {
                "name": "RHSA-2018:2776",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2776"
              },
              {
                "name": "RHSA-2018:2933",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2933"
              },
              {
                "name": "RHSA-2018:2403",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2403"
              },
              {
                "name": "RHSA-2018:2395",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2395"
              },
              {
                "name": "USN-3763-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3763-1/"
              },
              {
                "name": "RHSA-2018:2384",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2384"
              },
              {
                "name": "USN-3741-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3741-1/"
              },
              {
                "name": "RHSA-2018:2402",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2402"
              },
              {
                "name": "RHSA-2018:2948",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2948"
              },
              {
                "name": "USN-3742-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3742-2/"
              },
              {
                "name": "1041434",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041434"
              },
              {
                "name": "USN-3732-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3732-2/"
              },
              {
                "name": "104976",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104976"
              },
              {
                "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
              },
              {
                "name": "1041424",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041424"
              },
              {
                "name": "USN-3742-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3742-1/"
              },
              {
                "name": "RHSA-2018:2924",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2924"
              },
              {
                "name": "20180824 Linux and FreeBSD Kernels TCP Reassembly Denial of Service Vulnerabilities Affecting Cisco Products: August 2018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp"
              },
              {
                "name": "RHSA-2018:2789",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2789"
              },
              {
                "name": "DSA-4266",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4266"
              },
              {
                "name": "RHSA-2018:2645",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2645"
              },
              {
                "name": "USN-3732-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3732-1/"
              },
              {
                "name": "RHSA-2018:2791",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2791"
              },
              {
                "name": "RHSA-2018:2790",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2790"
              },
              {
                "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
              },
              {
                "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
              },
              {
                "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20180815-0003/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/support/security/Synology_SA_18_41"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K95343321"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp%3Butm_medium=RSS"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Linux Kernel",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "4.9*",
                  "status": "affected",
                  "version": "4.9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-07-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-15T02:22:59.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "RHSA-2018:2785",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2785"
            },
            {
              "name": "VU#962459",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/962459"
            },
            {
              "name": "USN-3741-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3741-2/"
            },
            {
              "name": "RHSA-2018:2776",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2776"
            },
            {
              "name": "RHSA-2018:2933",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2933"
            },
            {
              "name": "RHSA-2018:2403",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2403"
            },
            {
              "name": "RHSA-2018:2395",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2395"
            },
            {
              "name": "USN-3763-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3763-1/"
            },
            {
              "name": "RHSA-2018:2384",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2384"
            },
            {
              "name": "USN-3741-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3741-1/"
            },
            {
              "name": "RHSA-2018:2402",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2402"
            },
            {
              "name": "RHSA-2018:2948",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "name": "USN-3742-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3742-2/"
            },
            {
              "name": "1041434",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041434"
            },
            {
              "name": "USN-3732-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3732-2/"
            },
            {
              "name": "104976",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104976"
            },
            {
              "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
            },
            {
              "name": "1041424",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041424"
            },
            {
              "name": "USN-3742-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3742-1/"
            },
            {
              "name": "RHSA-2018:2924",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2924"
            },
            {
              "name": "20180824 Linux and FreeBSD Kernels TCP Reassembly Denial of Service Vulnerabilities Affecting Cisco Products: August 2018",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp"
            },
            {
              "name": "RHSA-2018:2789",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2789"
            },
            {
              "name": "DSA-4266",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4266"
            },
            {
              "name": "RHSA-2018:2645",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2645"
            },
            {
              "name": "USN-3732-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3732-1/"
            },
            {
              "name": "RHSA-2018:2791",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2791"
            },
            {
              "name": "RHSA-2018:2790",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2790"
            },
            {
              "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
            },
            {
              "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
            },
            {
              "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20180815-0003/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/support/security/Synology_SA_18_41"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K95343321"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp%3Butm_medium=RSS"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2018-5390",
              "STATE": "PUBLIC",
              "TITLE": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Linux Kernel",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003e=",
                                "version_affected": "\u003e=",
                                "version_name": "4.9",
                                "version_value": "4.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Linux"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2018:2785",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2785"
                },
                {
                  "name": "VU#962459",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/962459"
                },
                {
                  "name": "USN-3741-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3741-2/"
                },
                {
                  "name": "RHSA-2018:2776",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2776"
                },
                {
                  "name": "RHSA-2018:2933",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2933"
                },
                {
                  "name": "RHSA-2018:2403",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2403"
                },
                {
                  "name": "RHSA-2018:2395",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2395"
                },
                {
                  "name": "USN-3763-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3763-1/"
                },
                {
                  "name": "RHSA-2018:2384",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2384"
                },
                {
                  "name": "USN-3741-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3741-1/"
                },
                {
                  "name": "RHSA-2018:2402",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2402"
                },
                {
                  "name": "RHSA-2018:2948",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2948"
                },
                {
                  "name": "USN-3742-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3742-2/"
                },
                {
                  "name": "1041434",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041434"
                },
                {
                  "name": "USN-3732-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3732-2/"
                },
                {
                  "name": "104976",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104976"
                },
                {
                  "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
                },
                {
                  "name": "1041424",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041424"
                },
                {
                  "name": "USN-3742-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3742-1/"
                },
                {
                  "name": "RHSA-2018:2924",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2924"
                },
                {
                  "name": "20180824 Linux and FreeBSD Kernels TCP Reassembly Denial of Service Vulnerabilities Affecting Cisco Products: August 2018",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp"
                },
                {
                  "name": "RHSA-2018:2789",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2789"
                },
                {
                  "name": "DSA-4266",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4266"
                },
                {
                  "name": "RHSA-2018:2645",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2645"
                },
                {
                  "name": "USN-3732-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3732-1/"
                },
                {
                  "name": "RHSA-2018:2791",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2791"
                },
                {
                  "name": "RHSA-2018:2790",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2790"
                },
                {
                  "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
                },
                {
                  "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
                },
                {
                  "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
                },
                {
                  "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
                  "refsource": "CONFIRM",
                  "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20180815-0003/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20180815-0003/"
                },
                {
                  "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt"
                },
                {
                  "name": "https://www.synology.com/support/security/Synology_SA_18_41",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/support/security/Synology_SA_18_41"
                },
                {
                  "name": "https://support.f5.com/csp/article/K95343321",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K95343321"
                },
                {
                  "name": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack",
                  "refsource": "CONFIRM",
                  "url": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack"
                },
                {
                  "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e",
                  "refsource": "CONFIRM",
                  "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e"
                },
                {
                  "name": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp;utm_medium=RSS",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp;utm_medium=RSS"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf"
                },
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2018-5390",
        "datePublished": "2018-08-06T20:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T05:33:44.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9001 (GCVE-0-2017-9001)

    Vulnerability from cvelistv5 – Published: 2018-08-06 20:00 – Updated: 2024-08-05 16:55
    VLAI
    Summary
    Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lockout", which causes ClearPass to lock accounts with too many login failures through SSH. When this feature is enabled, an unauthenticated remote command execution vulnerability is present which could allow an unauthenticated user to execute arbitrary commands on the underlying operating system with "root" privilege level. This vulnerability is only present when a specific feature has been enabled. The SSH Lockout feature is not enabled by default, so only systems which have enabled this feature are vulnerable.
    Severity
    No CVSS data available.
    CWE
    • unauthenticated remote command execution
    Assigner
    hpe
    References
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise Aruba ClearPass Affected: All versions prior to 6.6.8
    Create a notification for this product.
    Date Public
    2017-09-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:55:21.846Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aruba ClearPass",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 6.6.8"
                }
              ]
            }
          ],
          "datePublic": "2017-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Aruba ClearPass 6.6.3 and later includes a feature called \"SSH Lockout\", which causes ClearPass to lock accounts with too many login failures through SSH. When this feature is enabled, an unauthenticated remote command execution vulnerability is present which could allow an unauthenticated user to execute arbitrary commands on the underlying operating system with \"root\" privilege level. This vulnerability is only present when a specific feature has been enabled. The SSH Lockout feature is not enabled by default, so only systems which have enabled this feature are vulnerable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "unauthenticated remote command execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-06T19:57:01.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "ID": "CVE-2017-9001",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aruba ClearPass",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 6.6.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hewlett Packard Enterprise"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Aruba ClearPass 6.6.3 and later includes a feature called \"SSH Lockout\", which causes ClearPass to lock accounts with too many login failures through SSH. When this feature is enabled, an unauthenticated remote command execution vulnerability is present which could allow an unauthenticated user to execute arbitrary commands on the underlying operating system with \"root\" privilege level. This vulnerability is only present when a specific feature has been enabled. The SSH Lockout feature is not enabled by default, so only systems which have enabled this feature are vulnerable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "unauthenticated remote command execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txt",
                  "refsource": "CONFIRM",
                  "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2017-9001",
        "datePublished": "2018-08-06T20:00:00.000Z",
        "dateReserved": "2017-05-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:55:21.846Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7058 (GCVE-0-2018-7058)

    Vulnerability from cvelistv5 – Published: 2018-08-06 20:00 – Updated: 2024-08-05 06:17
    VLAI
    Summary
    Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent.
    Severity
    No CVSS data available.
    CWE
    • authentication bypass can lead to server compromise
    Assigner
    hpe
    References
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise Aruba ClearPass Affected: 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1
    Create a notification for this product.
    Date Public
    2018-03-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:17:17.489Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aruba ClearPass",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1"
                }
              ]
            }
          ],
          "datePublic": "2018-03-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "authentication bypass can lead to server compromise",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-06T19:57:01.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "ID": "CVE-2018-7058",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aruba ClearPass",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hewlett Packard Enterprise"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "authentication bypass can lead to server compromise"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt",
                  "refsource": "CONFIRM",
                  "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2018-7058",
        "datePublished": "2018-08-06T20:00:00.000Z",
        "dateReserved": "2018-02-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:17:17.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9002 (GCVE-0-2017-9002)

    Vulnerability from cvelistv5 – Published: 2018-08-06 20:00 – Updated: 2024-08-05 16:55
    VLAI
    Summary
    All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross-site scripting vulnerabilities. By exploiting this vulnerability, an attacker who can trick a logged-in ClearPass administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into ClearPass in the same browser.
    Severity
    No CVSS data available.
    CWE
    • reflected cross-site scripting
    Assigner
    hpe
    References
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise Aruba ClearPass Affected: All versions prior to v6.6.8
    Create a notification for this product.
    Date Public
    2017-09-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:55:21.313Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aruba ClearPass",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to v6.6.8"
                }
              ]
            }
          ],
          "datePublic": "2017-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross-site scripting vulnerabilities. By exploiting this vulnerability, an attacker who can trick a logged-in ClearPass administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into ClearPass in the same browser."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "reflected cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-06T19:57:01.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "ID": "CVE-2017-9002",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aruba ClearPass",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to v6.6.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hewlett Packard Enterprise"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross-site scripting vulnerabilities. By exploiting this vulnerability, an attacker who can trick a logged-in ClearPass administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into ClearPass in the same browser."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "reflected cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txt",
                  "refsource": "CONFIRM",
                  "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2017-9002",
        "datePublished": "2018-08-06T20:00:00.000Z",
        "dateReserved": "2017-05-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:55:21.313Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7059 (GCVE-0-2018-7059)

    Vulnerability from cvelistv5 – Published: 2018-08-06 20:00 – Updated: 2024-08-05 06:17
    VLAI
    Summary
    Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the "mon" permission could use this vulnerability to obtain cluster credentials which could allow privilege escalation. This vulnerability is only present when authenticated as a user with "mon" permission.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    hpe
    References
    Date Public
    2018-03-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:17:17.361Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-03-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the \"mon\" permission could use this vulnerability to obtain cluster credentials which could allow privilege escalation. This vulnerability is only present when authenticated as a user with \"mon\" permission."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-06T19:57:01.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "ID": "CVE-2018-7059",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the \"mon\" permission could use this vulnerability to obtain cluster credentials which could allow privilege escalation. This vulnerability is only present when authenticated as a user with \"mon\" permission."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt",
                  "refsource": "CONFIRM",
                  "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2018-7059",
        "datePublished": "2018-08-06T20:00:00.000Z",
        "dateReserved": "2018-02-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:17:17.361Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-5824 (GCVE-0-2017-5824)

    Vulnerability from cvelistv5 – Published: 2018-02-15 22:00 – Updated: 2024-09-17 02:36
    VLAI
    Summary
    An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
    Severity
    No CVSS data available.
    CWE
    • unathenticated remote code execution
    Assigner
    hpe
    References
    Impacted products
    Date Public
    2017-05-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:11:48.849Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
              },
              {
                "name": "98722",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98722"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aruba ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.x"
                }
              ]
            }
          ],
          "datePublic": "2017-05-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "unathenticated remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-07T10:57:01.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
            },
            {
              "name": "98722",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98722"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "DATE_PUBLIC": "2017-05-25T00:00:00",
              "ID": "CVE-2017-5824",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aruba ClearPass Policy Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hewlett Packard Enterprise"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "unathenticated remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
                },
                {
                  "name": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
                },
                {
                  "name": "98722",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98722"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2017-5824",
        "datePublished": "2018-02-15T22:00:00.000Z",
        "dateReserved": "2017-02-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:36:57.469Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-5825 (GCVE-0-2017-5825)

    Vulnerability from cvelistv5 – Published: 2018-02-15 22:00 – Updated: 2024-09-16 17:04
    VLAI
    Summary
    A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
    Severity
    No CVSS data available.
    CWE
    • privilage escalation
    Assigner
    hpe
    References
    Impacted products
    Date Public
    2017-05-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:11:48.712Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
              },
              {
                "name": "98722",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98722"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aruba ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.x"
                }
              ]
            }
          ],
          "datePublic": "2017-05-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "privilage escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-07T10:57:01.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
            },
            {
              "name": "98722",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98722"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "DATE_PUBLIC": "2017-05-25T00:00:00",
              "ID": "CVE-2017-5825",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aruba ClearPass Policy Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hewlett Packard Enterprise"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "privilage escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
                },
                {
                  "name": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
                },
                {
                  "name": "98722",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98722"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2017-5825",
        "datePublished": "2018-02-15T22:00:00.000Z",
        "dateReserved": "2017-02-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:04:02.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-5826 (GCVE-0-2017-5826)

    Vulnerability from cvelistv5 – Published: 2018-02-15 22:00 – Updated: 2024-09-16 23:50
    VLAI
    Summary
    An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
    Severity
    No CVSS data available.
    CWE
    • authenticated remote code execution
    Assigner
    hpe
    References
    Impacted products
    Date Public
    2017-05-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:11:48.785Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
              },
              {
                "name": "98722",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98722"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aruba ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.x"
                }
              ]
            }
          ],
          "datePublic": "2017-05-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "authenticated remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-07T10:57:01.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
            },
            {
              "name": "98722",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98722"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "DATE_PUBLIC": "2017-05-25T00:00:00",
              "ID": "CVE-2017-5826",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aruba ClearPass Policy Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hewlett Packard Enterprise"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "authenticated remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
                },
                {
                  "name": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
                },
                {
                  "name": "98722",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98722"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2017-5826",
        "datePublished": "2018-02-15T22:00:00.000Z",
        "dateReserved": "2017-02-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:50:47.692Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-5828 (GCVE-0-2017-5828)

    Vulnerability from cvelistv5 – Published: 2018-02-15 22:00 – Updated: 2024-09-16 19:14
    VLAI
    Summary
    An arbitrary command execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
    Severity
    No CVSS data available.
    CWE
    • arbitrary command execution
    Assigner
    hpe
    References
    Impacted products
    Date Public
    2017-05-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:11:48.791Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
              },
              {
                "name": "98722",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98722"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aruba ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.x"
                }
              ]
            }
          ],
          "datePublic": "2017-05-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An arbitrary command execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "arbitrary command execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-07T10:57:01.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
            },
            {
              "name": "98722",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98722"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "DATE_PUBLIC": "2017-05-25T00:00:00",
              "ID": "CVE-2017-5828",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aruba ClearPass Policy Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hewlett Packard Enterprise"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An arbitrary command execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "arbitrary command execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
                },
                {
                  "name": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
                },
                {
                  "name": "98722",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98722"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2017-5828",
        "datePublished": "2018-02-15T22:00:00.000Z",
        "dateReserved": "2017-02-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:14:39.994Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-5829 (GCVE-0-2017-5829)

    Vulnerability from cvelistv5 – Published: 2018-02-15 22:00 – Updated: 2024-09-17 01:46
    VLAI
    Summary
    An access restriction bypass vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
    Severity
    No CVSS data available.
    CWE
    • access restriction bypass
    Assigner
    hpe
    References
    Impacted products
    Date Public
    2017-05-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:11:48.918Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
              },
              {
                "name": "98722",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98722"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aruba ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.x"
                }
              ]
            }
          ],
          "datePublic": "2017-05-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An access restriction bypass vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "access restriction bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-07T10:57:01.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
            },
            {
              "name": "98722",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98722"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "DATE_PUBLIC": "2017-05-25T00:00:00",
              "ID": "CVE-2017-5829",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aruba ClearPass Policy Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hewlett Packard Enterprise"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An access restriction bypass vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "access restriction bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
                },
                {
                  "name": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
                },
                {
                  "name": "98722",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98722"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2017-5829",
        "datePublished": "2018-02-15T22:00:00.000Z",
        "dateReserved": "2017-02-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:46:38.917Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-5827 (GCVE-0-2017-5827)

    Vulnerability from cvelistv5 – Published: 2018-02-15 22:00 – Updated: 2024-09-16 18:08
    VLAI
    Summary
    A reflected cross site scripting vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
    Severity
    No CVSS data available.
    CWE
    • reflected cross site scripting
    Assigner
    hpe
    References
    Impacted products
    Date Public
    2017-05-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:11:48.730Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
              },
              {
                "name": "98722",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98722"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aruba ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.x"
                }
              ]
            }
          ],
          "datePublic": "2017-05-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A reflected cross site scripting vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "reflected cross site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-07T10:57:01.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
            },
            {
              "name": "98722",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98722"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "DATE_PUBLIC": "2017-05-25T00:00:00",
              "ID": "CVE-2017-5827",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aruba ClearPass Policy Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hewlett Packard Enterprise"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A reflected cross site scripting vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "reflected cross site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
                },
                {
                  "name": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
                },
                {
                  "name": "98722",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98722"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2017-5827",
        "datePublished": "2018-02-15T22:00:00.000Z",
        "dateReserved": "2017-02-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:08:55.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }