Search

Find a vulnerability

Search criteria

    272 vulnerabilities found for clearpass_policy_manager by arubanetworks

    CVE-2025-25039 (GCVE-0-2025-25039)

    Vulnerability from nvd – Published: 2025-02-04 18:13 – Updated: 2025-03-13 18:02
    VLAI
    Title
    Authenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based Management Interface
    Summary
    A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking ClearPass Policy Manager Affected: 6.12.0 , ≤ <=6.12.3 (semver)
    Affected: 6.11.0 , ≤ <=6.11.9 (semver)
    Create a notification for this product.
    Credits
    Daniel Jensen (@Dozernz)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25039",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T20:05:55.876133Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T18:02:24.600Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Aruba Networking ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=6.12.3",
                  "status": "affected",
                  "version": "6.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "\u003c=6.11.9",
                  "status": "affected",
                  "version": "6.11.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Daniel Jensen (@Dozernz)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-04T18:13:23.132Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04784en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW04784",
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based Management Interface",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2025-25039",
        "datePublished": "2025-02-04T18:13:23.132Z",
        "dateReserved": "2025-01-31T21:19:15.435Z",
        "dateUpdated": "2025-03-13T18:02:24.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-23060 (GCVE-0-2025-23060)

    Vulnerability from nvd – Published: 2025-02-04 18:11 – Updated: 2025-03-13 14:09
    VLAI
    Title
    Sensitive Data Exposure Vulnerability in HPE Aruba Networking ClearPass Policy Manager (CPPM)
    Summary
    A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking ClearPass Policy Manager Affected: 6.12.0 , ≤ <=6.12.3 (semver)
    Affected: 6.11.0 , ≤ <=6.11.9 (semver)
    Create a notification for this product.
    Credits
    HPE Aruba Networking QA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23060",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T20:06:24.290240Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-319",
                    "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T14:09:34.595Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Aruba Networking ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=6.12.3",
                  "status": "affected",
                  "version": "6.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "\u003c=6.11.9",
                  "status": "affected",
                  "version": "6.11.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "HPE Aruba Networking QA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-04T18:11:41.371Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04784en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW04784",
            "discovery": "EXTERNAL"
          },
          "title": "Sensitive Data Exposure Vulnerability in HPE Aruba Networking ClearPass Policy Manager (CPPM)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2025-23060",
        "datePublished": "2025-02-04T18:11:41.371Z",
        "dateReserved": "2025-01-10T16:27:25.925Z",
        "dateUpdated": "2025-03-13T14:09:34.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-23059 (GCVE-0-2025-23059)

    Vulnerability from nvd – Published: 2025-02-04 18:10 – Updated: 2025-03-13 15:25
    VLAI
    Title
    Sensitive Information Disclosure in HPE Aruba Networking ClearPass Policy Manager
    Summary
    A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and retrieve sensitive data, potentially compromising the integrity and security of the entire system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking ClearPass Policy Manager Affected: 6.12.0 , ≤ <=6.12.3 (semver)
    Affected: 6.11.0 , ≤ <=6.11.9 (semver)
    Create a notification for this product.
    Credits
    Federal Aviation Administration (FAA)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23059",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T20:06:40.536074Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T15:25:04.877Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Aruba Networking ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=6.12.3",
                  "status": "affected",
                  "version": "6.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "\u003c=6.11.9",
                  "status": "affected",
                  "version": "6.11.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Federal Aviation Administration (FAA)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and retrieve sensitive data, potentially compromising the integrity and security of the entire system.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and retrieve sensitive data, potentially compromising the integrity and security of the entire system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-04T18:10:21.793Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04784en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW04784",
            "discovery": "EXTERNAL"
          },
          "title": "Sensitive Information Disclosure in HPE Aruba Networking ClearPass Policy Manager",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2025-23059",
        "datePublished": "2025-02-04T18:10:21.793Z",
        "dateReserved": "2025-01-10T16:27:25.924Z",
        "dateUpdated": "2025-03-13T15:25:04.877Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-23058 (GCVE-0-2025-23058)

    Vulnerability from nvd – Published: 2025-02-04 18:07 – Updated: 2025-03-13 13:28
    VLAI
    Title
    Authenticated Broken Access Control Vulnerability in ClearPass Policy Manager Web-Based Management Interface
    Summary
    A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged user to execute administrative functions leading to an escalation of privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking ClearPass Policy Manager Affected: 6.12.0 , ≤ <=6.12.3 (semver)
    Affected: 6.11.0 , ≤ <=6.11.9 (semver)
    Create a notification for this product.
    Credits
    ING Bank
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23058",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T20:07:03.187380Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1390",
                    "description": "CWE-1390 Weak Authentication",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T13:28:04.186Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Aruba Networking ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=6.12.3",
                  "status": "affected",
                  "version": "6.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "\u003c=6.11.9",
                  "status": "affected",
                  "version": "6.11.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ING Bank"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged user to execute administrative functions leading to an escalation of privileges. \u003c/p\u003e"
                }
              ],
              "value": "A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged user to execute administrative functions leading to an escalation of privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-04T18:07:56.711Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04784en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW04784",
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated Broken Access Control Vulnerability in ClearPass Policy Manager Web-Based Management Interface",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2025-23058",
        "datePublished": "2025-02-04T18:07:56.711Z",
        "dateReserved": "2025-01-10T16:27:25.924Z",
        "dateUpdated": "2025-03-13T13:28:04.186Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-53672 (GCVE-0-2024-53672)

    Vulnerability from nvd – Published: 2024-12-03 20:14 – Updated: 2024-12-06 20:11
    VLAI
    Title
    Authenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based Management Interface
    Summary
    A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking ClearPass Policy Manager Affected: 6.12.0 , ≤ 6.12.2 (semver)
    Affected: 6.11.0 , ≤ 6.11.9 (semver)
    Create a notification for this product.
    Date Public
    2024-12-03 20:14
    Credits
    Daniel Jensen (@dozernz)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-53672",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-03T21:47:40.618144Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-06T20:11:12.864Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HPE Aruba Networking ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "6.12.2",
                  "status": "affected",
                  "version": "6.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.11.9",
                  "status": "affected",
                  "version": "6.11.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Jensen (@dozernz)"
            }
          ],
          "datePublic": "2024-12-03T20:14:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-03T20:15:45.716Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based Management Interface",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-53672",
        "datePublished": "2024-12-03T20:14:36.528Z",
        "dateReserved": "2024-11-21T16:51:49.639Z",
        "dateUpdated": "2024-12-06T20:11:12.864Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-51773 (GCVE-0-2024-51773)

    Vulnerability from nvd – Published: 2024-12-03 20:11 – Updated: 2024-12-03 21:56
    VLAI
    Title
    Authenticated Stored Cross-Site Scripting (XSS) in HPE Aruba Networking ClearPass Policy Manager Web-based Management Interface
    Summary
    A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the user is authorized to do, including accessing the user's data and altering information within the user's permissions. This could lead to data modification, deletion, or theft, including unauthorized access to files, file deletion, or the theft of session cookies, which an attacker could use to hijack a user's session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking ClearPass Policy Manager Affected: 6.12.0 , ≤ 6.12.2 (semver)
    Affected: 6.11.0 , ≤ 6.11.9 (semver)
    Create a notification for this product.
    Credits
    Pear1y
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-51773",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-03T21:49:13.862586Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T21:56:04.237Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HPE Aruba Networking ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "6.12.2",
                  "status": "affected",
                  "version": "6.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.11.9",
                  "status": "affected",
                  "version": "6.11.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Pear1y"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the user is authorized to do, including accessing the user\u0027s data and altering information within the user\u0027s permissions. This could lead to data modification, deletion, or theft, including unauthorized access to files, file deletion, or the theft of session cookies, which an attacker could use to hijack a user\u0027s session."
                }
              ],
              "value": "A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the user is authorized to do, including accessing the user\u0027s data and altering information within the user\u0027s permissions. This could lead to data modification, deletion, or theft, including unauthorized access to files, file deletion, or the theft of session cookies, which an attacker could use to hijack a user\u0027s session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-03T20:17:41.771Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated Stored Cross-Site Scripting (XSS) in HPE Aruba Networking ClearPass Policy Manager Web-based Management Interface",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-51773",
        "datePublished": "2024-12-03T20:11:03.981Z",
        "dateReserved": "2024-11-01T14:42:12.299Z",
        "dateUpdated": "2024-12-03T21:56:04.237Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-51772 (GCVE-0-2024-51772)

    Vulnerability from nvd – Published: 2024-12-03 20:08 – Updated: 2024-12-03 21:54
    VLAI
    Title
    Authenticated Deserialization Vulnerability in ClearPass Policy Manager Web-Based Management Interface Leading to a Remote Command Execution (RCE)
    Summary
    An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking ClearPass Policy Manager Affected: 6.12.0 , ≤ 6.12.2 (semver)
    Affected: 6.11.0 , ≤ 6.11.9 (semver)
    Create a notification for this product.
    arubanetworks clearpass_policy_manager Affected: 6.12.0 , ≤ 6.12.2 (semver)
    Affected: 6.11.0 , ≤ 6.11.9 (semver)
        cpe:2.3:a:arubanetworks:clearpass_policy_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-12-03 20:07
    Credits
    Daniel Jensen (@dozernz)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:clearpass_policy_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "clearpass_policy_manager",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "6.12.2",
                    "status": "affected",
                    "version": "6.12.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "6.11.9",
                    "status": "affected",
                    "version": "6.11.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-51772",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-03T21:50:12.134834Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T21:54:52.951Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HPE Aruba Networking ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "6.12.2",
                  "status": "affected",
                  "version": "6.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.11.9",
                  "status": "affected",
                  "version": "6.11.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Jensen (@dozernz)"
            }
          ],
          "datePublic": "2024-12-03T20:07:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system."
                }
              ],
              "value": "An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-03T20:17:12.658Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated Deserialization Vulnerability in ClearPass Policy Manager Web-Based Management Interface Leading to a Remote Command Execution (RCE)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-51772",
        "datePublished": "2024-12-03T20:08:00.358Z",
        "dateReserved": "2024-11-01T14:42:12.299Z",
        "dateUpdated": "2024-12-03T21:54:52.951Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-51771 (GCVE-0-2024-51771)

    Vulnerability from nvd – Published: 2024-12-03 20:02 – Updated: 2024-12-03 21:55
    VLAI
    Title
    Authenticated Remote Code Execution (RCE) via OGNL Injection in HPE Aruba Networking ClearPass Web-Based Management Interface
    Summary
    A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking ClearPass Policy Manager Affected: 6.12.0 , ≤ 6.12.2 (semver)
    Affected: 6.11.0 , ≤ 6.11.9 (semver)
    Create a notification for this product.
    arubanetworks clearpass_policy_manager Affected: 6.12.0 , ≤ 6.12.2 (semver)
    Affected: 6.11.0 , ≤ 6.11.9 (semver)
        cpe:2.3:a:arubanetworks:clearpass_policy_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-12-03 20:01
    Credits
    Daniel Jensen (@dozernz)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:clearpass_policy_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "clearpass_policy_manager",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "6.12.2",
                    "status": "affected",
                    "version": "6.12.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "6.11.9",
                    "status": "affected",
                    "version": "6.11.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-51771",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-03T21:55:30.727636Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T21:55:47.056Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HPE Aruba Networking ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "6.12.2",
                  "status": "affected",
                  "version": "6.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.11.9",
                  "status": "affected",
                  "version": "6.11.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Jensen (@dozernz)"
            }
          ],
          "datePublic": "2024-12-03T20:01:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the underlying operating system."
                }
              ],
              "value": "A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-03T20:16:36.314Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated Remote Code Execution (RCE) via OGNL Injection in HPE Aruba Networking ClearPass Web-Based Management Interface",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-51771",
        "datePublished": "2024-12-03T20:02:02.240Z",
        "dateReserved": "2024-11-01T14:42:12.299Z",
        "dateUpdated": "2024-12-03T21:55:47.056Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5486 (GCVE-0-2024-5486)

    Vulnerability from nvd – Published: 2024-07-30 17:04 – Updated: 2024-10-28 19:55
    VLAI
    Title
    Authenticated Sensitive Information Disclosure in ClearPass Policy Manager
    Summary
    A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) ClearPass Policy Manager (CPPM) Affected: ClearPass Policy Manager 6.12.1 and below , ≤ <=6.12.1 (semver)
    Affected: ClearPass Policy Manager 6.11.8 and below , ≤ <=6.11.8 (semver)
    Create a notification for this product.
    Credits
    The Federal Aviation Administration (FAA)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5486",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T17:36:10.588203Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T19:55:49.104Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:11:12.793Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04675en_us\u0026docLocale=en_US"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ClearPass Policy Manager (CPPM)",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=6.12.1",
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.12.1 and below",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "\u003c=6.11.8",
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.11.8 and below",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The Federal Aviation Administration (FAA)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003c/div\u003eA vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager\u003cdiv\u003e\u003cbr\u003e \u003c/div\u003e"
                }
              ],
              "value": "A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-30T17:04:24.617Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04675en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW04675",
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated Sensitive Information Disclosure in ClearPass Policy Manager",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-5486",
        "datePublished": "2024-07-30T17:04:24.617Z",
        "dateReserved": "2024-05-29T19:07:01.817Z",
        "dateUpdated": "2024-10-28T19:55:49.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41916 (GCVE-0-2024-41916)

    Vulnerability from nvd – Published: 2024-07-30 17:09 – Updated: 2024-10-28 20:22
    VLAI
    Title
    Authenticated Sensitive Information Disclosure in ClearPass Policy Manager
    Summary
    A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) ClearPass Policy Manager (CPPM) Affected: ClearPass Policy Manager 6.12.1 and below , ≤ <=6.12.1 (semver)
    Affected: ClearPass Policy Manager 6.11.8 and below , ≤ <=6.11.8 (semver)
    Create a notification for this product.
    Credits
    Security Team at Quinstreet Inc.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41916",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T17:35:11.824633Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T20:22:04.783Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:54:31.953Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04675en_us\u0026docLocale=en_US"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ClearPass Policy Manager (CPPM)",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=6.12.1",
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.12.1 and below",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "\u003c=6.11.8",
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.11.8 and below",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Security Team at Quinstreet Inc."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003c/div\u003eA vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.\u003cdiv\u003e\u003cbr\u003e \u003c/div\u003e"
                }
              ],
              "value": "A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-30T17:09:40.673Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04675en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW04675",
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated Sensitive Information Disclosure in ClearPass Policy Manager",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-41916",
        "datePublished": "2024-07-30T17:09:40.673Z",
        "dateReserved": "2024-07-23T15:57:59.918Z",
        "dateUpdated": "2024-10-28T20:22:04.783Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41915 (GCVE-0-2024-41915)

    Vulnerability from nvd – Published: 2024-07-30 17:07 – Updated: 2024-08-02 04:46
    VLAI
    Title
    Authenticated SQL Injection Vulnerability in ClearPass Policy Manager Web-based Management Interface
    Summary
    A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) ClearPass Policy Manager (CPPM) Affected: ClearPass Policy Manager 6.12.1 and below , ≤ <=6.12.1 (semver)
    Affected: ClearPass Policy Manager 6.11.8 and below , ≤ <=6.11.8 (semver)
    Create a notification for this product.
    arubanetworks clearpass_policy_manager Affected: 6.12.0 , ≤ 6.12.1 (semver)
        cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.12.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks clearpass_policy_manager Affected: 6.11.0 , ≤ 6.11.8 (semver)
        cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.11.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    security team at Cabridge University [CN2][GN3]
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.12.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "clearpass_policy_manager",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "6.12.1",
                    "status": "affected",
                    "version": "6.12.0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.11.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "clearpass_policy_manager",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "6.11.8",
                    "status": "affected",
                    "version": "6.11.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41915",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T17:26:31.461257Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-30T17:32:43.151Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:46:52.946Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04675en_us\u0026docLocale=en_US"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ClearPass Policy Manager (CPPM)",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=6.12.1",
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.12.1 and below",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "\u003c=6.11.8",
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.11.8 and below",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "security team at Cabridge University [CN2][GN3]"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003c/div\u003eA vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster.\u003cbr\u003e\u003cdiv\u003e\u003cbr\u003e \u003c/div\u003e"
                }
              ],
              "value": "A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-30T17:07:42.565Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04675en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW04675",
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated SQL Injection Vulnerability in ClearPass Policy Manager Web-based Management Interface",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-41915",
        "datePublished": "2024-07-30T17:07:42.565Z",
        "dateReserved": "2024-07-23T15:57:59.918Z",
        "dateUpdated": "2024-08-02T04:46:52.946Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-26302 (GCVE-0-2024-26302)

    Vulnerability from nvd – Published: 2024-02-27 22:11 – Updated: 2025-08-27 15:41
    VLAI
    Summary
    A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba ClearPass Policy Manager Affected: ClearPass Policy Manager 6.12.x: 6.12.0
    Affected: ClearPass Policy Manager 6.11.x: 6.11.6 and below
    Affected: ClearPass Policy Manager 6.10.x: ClearPass 6.10.8 Hotfix Q4 2023 for Security issues and below
    Affected: ClearPass Policy Manager 6.9.x: ClearPass 6.9.13 Hotfix Q4 2023 for Security issues and below
    Create a notification for this product.
    Credits
    Aruba ClearPass Policy Manager engineering team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-26302",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-28T18:11:03.319147Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-276",
                    "description": "CWE-276 Incorrect Default Permissions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T15:41:33.954Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:07:19.011Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.12.x: 6.12.0"
                },
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.11.x: 6.11.6 and below"
                },
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.10.x: ClearPass 6.10.8 Hotfix Q4 2023 for Security issues and below"
                },
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.9.x: ClearPass 6.9.13 Hotfix Q4 2023 for Security issues and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Aruba ClearPass Policy Manager engineering team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-27T22:11:37.929Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-26302",
        "datePublished": "2024-02-27T22:11:37.929Z",
        "dateReserved": "2024-02-16T19:42:43.186Z",
        "dateUpdated": "2025-08-27T15:41:33.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-26301 (GCVE-0-2024-26301)

    Vulnerability from nvd – Published: 2024-02-27 22:10 – Updated: 2025-03-13 16:43
    VLAI
    Summary
    A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba ClearPass Policy Manager Affected: ClearPass Policy Manager 6.12.x: 6.12.0
    Affected: ClearPass Policy Manager 6.11.x: 6.11.6 and below
    Affected: ClearPass Policy Manager 6.10.x: ClearPass 6.10.8 Hotfix Q4 2023 for Security issues and below
    Affected: ClearPass Policy Manager 6.9.x: ClearPass 6.9.13 Hotfix Q4 2023 for Security issues and below
    Create a notification for this product.
    Credits
    Niels De Carpentier
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:07:19.580Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-26301",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-26T16:54:02.591331Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T16:43:00.369Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.12.x: 6.12.0"
                },
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.11.x: 6.11.6 and below"
                },
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.10.x: ClearPass 6.10.8 Hotfix Q4 2023 for Security issues and below"
                },
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.9.x: ClearPass 6.9.13 Hotfix Q4 2023 for Security issues and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Niels De Carpentier"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-27T22:10:54.804Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-26301",
        "datePublished": "2024-02-27T22:10:54.804Z",
        "dateReserved": "2024-02-16T19:42:43.186Z",
        "dateUpdated": "2025-03-13T16:43:00.369Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-26300 (GCVE-0-2024-26300)

    Vulnerability from nvd – Published: 2024-02-27 22:06 – Updated: 2024-11-07 11:07
    VLAI
    Summary
    A vulnerability in the guest interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba ClearPass Policy Manager Affected: ClearPass Policy Manager 6.12.x: 6.12.0
    Affected: ClearPass Policy Manager 6.11.x: 6.11.6 and below
    Affected: ClearPass Policy Manager 6.10.x: ClearPass 6.10.8 Hotfix Q4 2023 for Security issues and below
    Affected: ClearPass Policy Manager 6.9.x: ClearPass 6.9.13 Hotfix Q4 2023 for Security issues and below
    Create a notification for this product.
    Credits
    Kajetan Rostojek (@kaje11)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-26300",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-28T20:30:02.698599Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T11:07:53.761Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:07:19.150Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.12.x: 6.12.0"
                },
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.11.x: 6.11.6 and below"
                },
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.10.x: ClearPass 6.10.8 Hotfix Q4 2023 for Security issues and below"
                },
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.9.x: ClearPass 6.9.13 Hotfix Q4 2023 for Security issues and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Kajetan Rostojek (@kaje11)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability in the guest interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim\u0027s browser in the context of the affected interface.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability in the guest interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim\u0027s browser in the context of the affected interface.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-27T22:06:49.616Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-26300",
        "datePublished": "2024-02-27T22:06:49.616Z",
        "dateReserved": "2024-02-16T19:42:43.186Z",
        "dateUpdated": "2024-11-07T11:07:53.761Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-26299 (GCVE-0-2024-26299)

    Vulnerability from nvd – Published: 2024-02-27 22:05 – Updated: 2024-11-04 18:44
    VLAI
    Summary
    A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba ClearPass Policy Manager Affected: ClearPass Policy Manager 6.12.x: 6.12.0
    Affected: ClearPass Policy Manager 6.11.x: 6.11.6 and below
    Affected: ClearPass Policy Manager 6.10.x: ClearPass 6.10.8 Hotfix Q4 2023 for Security issues and below
    Affected: ClearPass Policy Manager 6.9.x: ClearPass 6.9.13 Hotfix Q4 2023 for Security issues and below
    Create a notification for this product.
    Credits
    S4thi5h
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-26299",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-28T18:16:03.637814Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-04T18:44:31.292Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:07:19.082Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.12.x: 6.12.0"
                },
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.11.x: 6.11.6 and below"
                },
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.10.x: ClearPass 6.10.8 Hotfix Q4 2023 for Security issues and below"
                },
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.9.x: ClearPass 6.9.13 Hotfix Q4 2023 for Security issues and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "S4thi5h"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim\u0027s browser in the context of the affected interface.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim\u0027s browser in the context of the affected interface.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-27T22:05:37.624Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-26299",
        "datePublished": "2024-02-27T22:05:37.624Z",
        "dateReserved": "2024-02-16T19:42:43.186Z",
        "dateUpdated": "2024-11-04T18:44:31.292Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-26298 (GCVE-0-2024-26298)

    Vulnerability from nvd – Published: 2024-02-27 22:04 – Updated: 2024-08-02 00:07
    VLAI
    Summary
    Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba ClearPass Policy Manager Affected: ClearPass Policy Manager 6.12.x: 6.12.0
    Affected: ClearPass Policy Manager 6.11.x: 6.11.6 and below
    Affected: ClearPass Policy Manager 6.10.x: ClearPass 6.10.8 Hotfix Q4 2023 for Security issues and below
    Affected: ClearPass Policy Manager 6.9.x: ClearPass 6.9.13 Hotfix Q4 2023 for Security issues and below
    Create a notification for this product.
    arubanetworks clearpass_policy_manager Affected: 6.11.0 , ≤ 6.11.6 (custom)
        cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.11.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks clearpass_policy_manager Affected: 6.10.0 , ≤ 6.10.8_hotfix_q4_2023 (custom)
        cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks clearpass_policy_manager Affected: 6.9.0 , ≤ 6.9.13_hotfix_q4_2023 (custom)
        cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks clearpass_policy_manager Affected: 6.12.0
        cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.12.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Kajetan Rostojek (@kaje11)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.11.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "clearpass_policy_manager",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "6.11.6",
                    "status": "affected",
                    "version": "6.11.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "clearpass_policy_manager",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "6.10.8_hotfix_q4_2023",
                    "status": "affected",
                    "version": "6.10.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "clearpass_policy_manager",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "6.9.13_hotfix_q4_2023",
                    "status": "affected",
                    "version": "6.9.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.12.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "clearpass_policy_manager",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.12.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-26298",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-28T18:31:43.549918Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-26T17:06:46.357Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:07:19.557Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.12.x: 6.12.0"
                },
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.11.x: 6.11.6 and below"
                },
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.10.x: ClearPass 6.10.8 Hotfix Q4 2023 for Security issues and below"
                },
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.9.x: ClearPass 6.9.13 Hotfix Q4 2023 for Security issues and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Kajetan Rostojek (@kaje11)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eVulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.\u003c/p\u003e"
                }
              ],
              "value": "Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-27T22:04:58.511Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-26298",
        "datePublished": "2024-02-27T22:04:58.511Z",
        "dateReserved": "2024-02-16T19:42:43.185Z",
        "dateUpdated": "2024-08-02T00:07:19.557Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-26297 (GCVE-0-2024-26297)

    Vulnerability from nvd – Published: 2024-02-27 22:03 – Updated: 2024-08-02 00:07
    VLAI
    Summary
    Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba ClearPass Policy Manager Affected: ClearPass Policy Manager 6.12.x: 6.12.0
    Affected: ClearPass Policy Manager 6.11.x: 6.11.6 and below
    Affected: ClearPass Policy Manager 6.10.x: ClearPass 6.10.8 Hotfix Q4 2023 for Security issues and below
    Affected: ClearPass Policy Manager 6.9.x: ClearPass 6.9.13 Hotfix Q4 2023 for Security issues and below
    Create a notification for this product.
    arubanetworks clearpass_policy_manager Affected: 6.11.0 , ≤ 6.11.6 (custom)
        cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.11.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks clearpass_policy_manager Affected: 6.10.0 , ≤ 6.10.8_hotfix_q4_2023 (custom)
        cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks clearpass_policy_manager Affected: 6.9.0 , ≤ 6.9.13_hotfix_q4_2023 (custom)
        cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks clearpass_policy_manager Affected: 6.12.0
        cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.12.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Kajetan Rostojek (@kaje11)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.11.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "clearpass_policy_manager",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "6.11.6",
                    "status": "affected",
                    "version": "6.11.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "clearpass_policy_manager",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "6.10.8_hotfix_q4_2023",
                    "status": "affected",
                    "version": "6.10.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "clearpass_policy_manager",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "6.9.13_hotfix_q4_2023",
                    "status": "affected",
                    "version": "6.9.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.12.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "clearpass_policy_manager",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.12.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-26297",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-26T17:05:17.518713Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-26T17:05:48.113Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:07:19.261Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.12.x: 6.12.0"
                },
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.11.x: 6.11.6 and below"
                },
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.10.x: ClearPass 6.10.8 Hotfix Q4 2023 for Security issues and below"
                },
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.9.x: ClearPass 6.9.13 Hotfix Q4 2023 for Security issues and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Kajetan Rostojek (@kaje11)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eVulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.\u003c/p\u003e"
                }
              ],
              "value": "Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-27T22:03:55.507Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-26297",
        "datePublished": "2024-02-27T22:03:55.507Z",
        "dateReserved": "2024-02-16T19:42:43.185Z",
        "dateUpdated": "2024-08-02T00:07:19.261Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-26296 (GCVE-0-2024-26296)

    Vulnerability from nvd – Published: 2024-02-27 21:57 – Updated: 2024-08-02 00:07
    VLAI
    Summary
    Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba ClearPass Policy Manager Affected: ClearPass Policy Manager 6.12.x: 6.12.0
    Affected: ClearPass Policy Manager 6.11.x: 6.11.6 and below
    Affected: ClearPass Policy Manager 6.10.x: ClearPass 6.10.8 Hotfix Q4 2023 for Security issues and below
    Affected: ClearPass Policy Manager 6.9.x: ClearPass 6.9.13 Hotfix Q4 2023 for Security issues and below
    Create a notification for this product.
    arubanetworks clearpass_policy_manager Affected: 6.11.0 , ≤ 6.11.6 (custom)
        cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.11.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks clearpass_policy_manager Affected: 6.10.0 , ≤ 6.10.8_hotfix_q4_2023 (custom)
        cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks clearpass_policy_manager Affected: 6.9.0 , ≤ 6.9.13_hotfix_q4_2023 (custom)
        cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks clearpass_policy_manager Affected: 6.12.0
        cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.12.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Kajetan Rostojek (@kaje11)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.11.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "clearpass_policy_manager",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "6.11.6",
                    "status": "affected",
                    "version": "6.11.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "clearpass_policy_manager",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "6.10.8_hotfix_q4_2023",
                    "status": "affected",
                    "version": "6.10.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "clearpass_policy_manager",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "6.9.13_hotfix_q4_2023",
                    "status": "affected",
                    "version": "6.9.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.12.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "clearpass_policy_manager",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.12.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-26296",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-28T18:42:16.443596Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-26T17:04:58.388Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:07:19.027Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.12.x: 6.12.0"
                },
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.11.x: 6.11.6 and below"
                },
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.10.x: ClearPass 6.10.8 Hotfix Q4 2023 for Security issues and below"
                },
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.9.x: ClearPass 6.9.13 Hotfix Q4 2023 for Security issues and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Kajetan Rostojek (@kaje11)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eVulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.\u003c/p\u003e"
                }
              ],
              "value": "Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-27T21:57:24.846Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-26296",
        "datePublished": "2024-02-27T21:57:24.846Z",
        "dateReserved": "2024-02-16T19:42:43.185Z",
        "dateUpdated": "2024-08-02T00:07:19.027Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-26295 (GCVE-0-2024-26295)

    Vulnerability from nvd – Published: 2024-02-27 21:56 – Updated: 2024-08-02 00:07
    VLAI
    Summary
    Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba ClearPass Policy Manager Affected: ClearPass Policy Manager 6.12.x: 6.12.0
    Affected: ClearPass Policy Manager 6.11.x: 6.11.6 and below
    Affected: ClearPass Policy Manager 6.10.x: ClearPass 6.10.8 Hotfix Q4 2023 for Security issues and below
    Affected: ClearPass Policy Manager 6.9.x: ClearPass 6.9.13 Hotfix Q4 2023 for Security issues and below
    Create a notification for this product.
    arubanetworks clearpass_policy_manager Affected: 6.11.0 , ≤ 6.11.6 (custom)
        cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.11.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks clearpass_policy_manager Affected: 6.10.0 , ≤ 6.10.8_hotfix_q4_2023 (custom)
        cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks clearpass_policy_manager Affected: 6.9.0 , ≤ 6.9.13_hotfix_q4_2023 (custom)
        cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks clearpass_policy_manager Affected: 6.12.0
        cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.12.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Daniel Jensen (@dozernz)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.11.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "clearpass_policy_manager",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "6.11.6",
                    "status": "affected",
                    "version": "6.11.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "clearpass_policy_manager",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "6.10.8_hotfix_q4_2023",
                    "status": "affected",
                    "version": "6.10.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "clearpass_policy_manager",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "6.9.13_hotfix_q4_2023",
                    "status": "affected",
                    "version": "6.9.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.12.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "clearpass_policy_manager",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.12.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-26295",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-26T17:06:06.521964Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-26T17:06:09.062Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:07:19.403Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.12.x: 6.12.0"
                },
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.11.x: 6.11.6 and below"
                },
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.10.x: ClearPass 6.10.8 Hotfix Q4 2023 for Security issues and below"
                },
                {
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.9.x: ClearPass 6.9.13 Hotfix Q4 2023 for Security issues and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Daniel Jensen (@dozernz)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eVulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.\u003c/p\u003e"
                }
              ],
              "value": "Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-27T21:56:22.295Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-26295",
        "datePublished": "2024-02-27T21:56:22.295Z",
        "dateReserved": "2024-02-16T19:42:43.185Z",
        "dateUpdated": "2024-08-02T00:07:19.403Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25039 (GCVE-0-2025-25039)

    Vulnerability from cvelistv5 – Published: 2025-02-04 18:13 – Updated: 2025-03-13 18:02
    VLAI
    Title
    Authenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based Management Interface
    Summary
    A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking ClearPass Policy Manager Affected: 6.12.0 , ≤ <=6.12.3 (semver)
    Affected: 6.11.0 , ≤ <=6.11.9 (semver)
    Create a notification for this product.
    Credits
    Daniel Jensen (@Dozernz)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25039",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T20:05:55.876133Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T18:02:24.600Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Aruba Networking ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=6.12.3",
                  "status": "affected",
                  "version": "6.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "\u003c=6.11.9",
                  "status": "affected",
                  "version": "6.11.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Daniel Jensen (@Dozernz)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-04T18:13:23.132Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04784en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW04784",
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based Management Interface",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2025-25039",
        "datePublished": "2025-02-04T18:13:23.132Z",
        "dateReserved": "2025-01-31T21:19:15.435Z",
        "dateUpdated": "2025-03-13T18:02:24.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-23060 (GCVE-0-2025-23060)

    Vulnerability from cvelistv5 – Published: 2025-02-04 18:11 – Updated: 2025-03-13 14:09
    VLAI
    Title
    Sensitive Data Exposure Vulnerability in HPE Aruba Networking ClearPass Policy Manager (CPPM)
    Summary
    A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking ClearPass Policy Manager Affected: 6.12.0 , ≤ <=6.12.3 (semver)
    Affected: 6.11.0 , ≤ <=6.11.9 (semver)
    Create a notification for this product.
    Credits
    HPE Aruba Networking QA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23060",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T20:06:24.290240Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-319",
                    "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T14:09:34.595Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Aruba Networking ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=6.12.3",
                  "status": "affected",
                  "version": "6.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "\u003c=6.11.9",
                  "status": "affected",
                  "version": "6.11.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "HPE Aruba Networking QA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-04T18:11:41.371Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04784en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW04784",
            "discovery": "EXTERNAL"
          },
          "title": "Sensitive Data Exposure Vulnerability in HPE Aruba Networking ClearPass Policy Manager (CPPM)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2025-23060",
        "datePublished": "2025-02-04T18:11:41.371Z",
        "dateReserved": "2025-01-10T16:27:25.925Z",
        "dateUpdated": "2025-03-13T14:09:34.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-23059 (GCVE-0-2025-23059)

    Vulnerability from cvelistv5 – Published: 2025-02-04 18:10 – Updated: 2025-03-13 15:25
    VLAI
    Title
    Sensitive Information Disclosure in HPE Aruba Networking ClearPass Policy Manager
    Summary
    A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and retrieve sensitive data, potentially compromising the integrity and security of the entire system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking ClearPass Policy Manager Affected: 6.12.0 , ≤ <=6.12.3 (semver)
    Affected: 6.11.0 , ≤ <=6.11.9 (semver)
    Create a notification for this product.
    Credits
    Federal Aviation Administration (FAA)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23059",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T20:06:40.536074Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T15:25:04.877Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Aruba Networking ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=6.12.3",
                  "status": "affected",
                  "version": "6.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "\u003c=6.11.9",
                  "status": "affected",
                  "version": "6.11.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Federal Aviation Administration (FAA)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and retrieve sensitive data, potentially compromising the integrity and security of the entire system.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and retrieve sensitive data, potentially compromising the integrity and security of the entire system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-04T18:10:21.793Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04784en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW04784",
            "discovery": "EXTERNAL"
          },
          "title": "Sensitive Information Disclosure in HPE Aruba Networking ClearPass Policy Manager",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2025-23059",
        "datePublished": "2025-02-04T18:10:21.793Z",
        "dateReserved": "2025-01-10T16:27:25.924Z",
        "dateUpdated": "2025-03-13T15:25:04.877Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-23058 (GCVE-0-2025-23058)

    Vulnerability from cvelistv5 – Published: 2025-02-04 18:07 – Updated: 2025-03-13 13:28
    VLAI
    Title
    Authenticated Broken Access Control Vulnerability in ClearPass Policy Manager Web-Based Management Interface
    Summary
    A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged user to execute administrative functions leading to an escalation of privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking ClearPass Policy Manager Affected: 6.12.0 , ≤ <=6.12.3 (semver)
    Affected: 6.11.0 , ≤ <=6.11.9 (semver)
    Create a notification for this product.
    Credits
    ING Bank
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23058",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T20:07:03.187380Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1390",
                    "description": "CWE-1390 Weak Authentication",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T13:28:04.186Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Aruba Networking ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=6.12.3",
                  "status": "affected",
                  "version": "6.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "\u003c=6.11.9",
                  "status": "affected",
                  "version": "6.11.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ING Bank"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged user to execute administrative functions leading to an escalation of privileges. \u003c/p\u003e"
                }
              ],
              "value": "A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged user to execute administrative functions leading to an escalation of privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-04T18:07:56.711Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04784en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW04784",
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated Broken Access Control Vulnerability in ClearPass Policy Manager Web-Based Management Interface",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2025-23058",
        "datePublished": "2025-02-04T18:07:56.711Z",
        "dateReserved": "2025-01-10T16:27:25.924Z",
        "dateUpdated": "2025-03-13T13:28:04.186Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-53672 (GCVE-0-2024-53672)

    Vulnerability from cvelistv5 – Published: 2024-12-03 20:14 – Updated: 2024-12-06 20:11
    VLAI
    Title
    Authenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based Management Interface
    Summary
    A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking ClearPass Policy Manager Affected: 6.12.0 , ≤ 6.12.2 (semver)
    Affected: 6.11.0 , ≤ 6.11.9 (semver)
    Create a notification for this product.
    Date Public
    2024-12-03 20:14
    Credits
    Daniel Jensen (@dozernz)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-53672",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-03T21:47:40.618144Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-06T20:11:12.864Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HPE Aruba Networking ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "6.12.2",
                  "status": "affected",
                  "version": "6.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.11.9",
                  "status": "affected",
                  "version": "6.11.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Jensen (@dozernz)"
            }
          ],
          "datePublic": "2024-12-03T20:14:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-03T20:15:45.716Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based Management Interface",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-53672",
        "datePublished": "2024-12-03T20:14:36.528Z",
        "dateReserved": "2024-11-21T16:51:49.639Z",
        "dateUpdated": "2024-12-06T20:11:12.864Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-51773 (GCVE-0-2024-51773)

    Vulnerability from cvelistv5 – Published: 2024-12-03 20:11 – Updated: 2024-12-03 21:56
    VLAI
    Title
    Authenticated Stored Cross-Site Scripting (XSS) in HPE Aruba Networking ClearPass Policy Manager Web-based Management Interface
    Summary
    A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the user is authorized to do, including accessing the user's data and altering information within the user's permissions. This could lead to data modification, deletion, or theft, including unauthorized access to files, file deletion, or the theft of session cookies, which an attacker could use to hijack a user's session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking ClearPass Policy Manager Affected: 6.12.0 , ≤ 6.12.2 (semver)
    Affected: 6.11.0 , ≤ 6.11.9 (semver)
    Create a notification for this product.
    Credits
    Pear1y
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-51773",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-03T21:49:13.862586Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T21:56:04.237Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HPE Aruba Networking ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "6.12.2",
                  "status": "affected",
                  "version": "6.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.11.9",
                  "status": "affected",
                  "version": "6.11.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Pear1y"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the user is authorized to do, including accessing the user\u0027s data and altering information within the user\u0027s permissions. This could lead to data modification, deletion, or theft, including unauthorized access to files, file deletion, or the theft of session cookies, which an attacker could use to hijack a user\u0027s session."
                }
              ],
              "value": "A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the user is authorized to do, including accessing the user\u0027s data and altering information within the user\u0027s permissions. This could lead to data modification, deletion, or theft, including unauthorized access to files, file deletion, or the theft of session cookies, which an attacker could use to hijack a user\u0027s session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-03T20:17:41.771Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated Stored Cross-Site Scripting (XSS) in HPE Aruba Networking ClearPass Policy Manager Web-based Management Interface",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-51773",
        "datePublished": "2024-12-03T20:11:03.981Z",
        "dateReserved": "2024-11-01T14:42:12.299Z",
        "dateUpdated": "2024-12-03T21:56:04.237Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-51772 (GCVE-0-2024-51772)

    Vulnerability from cvelistv5 – Published: 2024-12-03 20:08 – Updated: 2024-12-03 21:54
    VLAI
    Title
    Authenticated Deserialization Vulnerability in ClearPass Policy Manager Web-Based Management Interface Leading to a Remote Command Execution (RCE)
    Summary
    An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking ClearPass Policy Manager Affected: 6.12.0 , ≤ 6.12.2 (semver)
    Affected: 6.11.0 , ≤ 6.11.9 (semver)
    Create a notification for this product.
    arubanetworks clearpass_policy_manager Affected: 6.12.0 , ≤ 6.12.2 (semver)
    Affected: 6.11.0 , ≤ 6.11.9 (semver)
        cpe:2.3:a:arubanetworks:clearpass_policy_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-12-03 20:07
    Credits
    Daniel Jensen (@dozernz)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:clearpass_policy_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "clearpass_policy_manager",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "6.12.2",
                    "status": "affected",
                    "version": "6.12.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "6.11.9",
                    "status": "affected",
                    "version": "6.11.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-51772",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-03T21:50:12.134834Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T21:54:52.951Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HPE Aruba Networking ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "6.12.2",
                  "status": "affected",
                  "version": "6.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.11.9",
                  "status": "affected",
                  "version": "6.11.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Jensen (@dozernz)"
            }
          ],
          "datePublic": "2024-12-03T20:07:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system."
                }
              ],
              "value": "An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-03T20:17:12.658Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated Deserialization Vulnerability in ClearPass Policy Manager Web-Based Management Interface Leading to a Remote Command Execution (RCE)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-51772",
        "datePublished": "2024-12-03T20:08:00.358Z",
        "dateReserved": "2024-11-01T14:42:12.299Z",
        "dateUpdated": "2024-12-03T21:54:52.951Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-51771 (GCVE-0-2024-51771)

    Vulnerability from cvelistv5 – Published: 2024-12-03 20:02 – Updated: 2024-12-03 21:55
    VLAI
    Title
    Authenticated Remote Code Execution (RCE) via OGNL Injection in HPE Aruba Networking ClearPass Web-Based Management Interface
    Summary
    A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking ClearPass Policy Manager Affected: 6.12.0 , ≤ 6.12.2 (semver)
    Affected: 6.11.0 , ≤ 6.11.9 (semver)
    Create a notification for this product.
    arubanetworks clearpass_policy_manager Affected: 6.12.0 , ≤ 6.12.2 (semver)
    Affected: 6.11.0 , ≤ 6.11.9 (semver)
        cpe:2.3:a:arubanetworks:clearpass_policy_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-12-03 20:01
    Credits
    Daniel Jensen (@dozernz)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:clearpass_policy_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "clearpass_policy_manager",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "6.12.2",
                    "status": "affected",
                    "version": "6.12.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "6.11.9",
                    "status": "affected",
                    "version": "6.11.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-51771",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-03T21:55:30.727636Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T21:55:47.056Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HPE Aruba Networking ClearPass Policy Manager",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "6.12.2",
                  "status": "affected",
                  "version": "6.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.11.9",
                  "status": "affected",
                  "version": "6.11.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Jensen (@dozernz)"
            }
          ],
          "datePublic": "2024-12-03T20:01:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the underlying operating system."
                }
              ],
              "value": "A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-03T20:16:36.314Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated Remote Code Execution (RCE) via OGNL Injection in HPE Aruba Networking ClearPass Web-Based Management Interface",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-51771",
        "datePublished": "2024-12-03T20:02:02.240Z",
        "dateReserved": "2024-11-01T14:42:12.299Z",
        "dateUpdated": "2024-12-03T21:55:47.056Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41916 (GCVE-0-2024-41916)

    Vulnerability from cvelistv5 – Published: 2024-07-30 17:09 – Updated: 2024-10-28 20:22
    VLAI
    Title
    Authenticated Sensitive Information Disclosure in ClearPass Policy Manager
    Summary
    A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) ClearPass Policy Manager (CPPM) Affected: ClearPass Policy Manager 6.12.1 and below , ≤ <=6.12.1 (semver)
    Affected: ClearPass Policy Manager 6.11.8 and below , ≤ <=6.11.8 (semver)
    Create a notification for this product.
    Credits
    Security Team at Quinstreet Inc.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41916",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T17:35:11.824633Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T20:22:04.783Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:54:31.953Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04675en_us\u0026docLocale=en_US"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ClearPass Policy Manager (CPPM)",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=6.12.1",
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.12.1 and below",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "\u003c=6.11.8",
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.11.8 and below",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Security Team at Quinstreet Inc."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003c/div\u003eA vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.\u003cdiv\u003e\u003cbr\u003e \u003c/div\u003e"
                }
              ],
              "value": "A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-30T17:09:40.673Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04675en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW04675",
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated Sensitive Information Disclosure in ClearPass Policy Manager",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-41916",
        "datePublished": "2024-07-30T17:09:40.673Z",
        "dateReserved": "2024-07-23T15:57:59.918Z",
        "dateUpdated": "2024-10-28T20:22:04.783Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41915 (GCVE-0-2024-41915)

    Vulnerability from cvelistv5 – Published: 2024-07-30 17:07 – Updated: 2024-08-02 04:46
    VLAI
    Title
    Authenticated SQL Injection Vulnerability in ClearPass Policy Manager Web-based Management Interface
    Summary
    A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) ClearPass Policy Manager (CPPM) Affected: ClearPass Policy Manager 6.12.1 and below , ≤ <=6.12.1 (semver)
    Affected: ClearPass Policy Manager 6.11.8 and below , ≤ <=6.11.8 (semver)
    Create a notification for this product.
    arubanetworks clearpass_policy_manager Affected: 6.12.0 , ≤ 6.12.1 (semver)
        cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.12.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks clearpass_policy_manager Affected: 6.11.0 , ≤ 6.11.8 (semver)
        cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.11.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    security team at Cabridge University [CN2][GN3]
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.12.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "clearpass_policy_manager",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "6.12.1",
                    "status": "affected",
                    "version": "6.12.0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.11.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "clearpass_policy_manager",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "6.11.8",
                    "status": "affected",
                    "version": "6.11.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41915",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T17:26:31.461257Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-30T17:32:43.151Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:46:52.946Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04675en_us\u0026docLocale=en_US"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ClearPass Policy Manager (CPPM)",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=6.12.1",
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.12.1 and below",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "\u003c=6.11.8",
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.11.8 and below",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "security team at Cabridge University [CN2][GN3]"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003c/div\u003eA vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster.\u003cbr\u003e\u003cdiv\u003e\u003cbr\u003e \u003c/div\u003e"
                }
              ],
              "value": "A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-30T17:07:42.565Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04675en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW04675",
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated SQL Injection Vulnerability in ClearPass Policy Manager Web-based Management Interface",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-41915",
        "datePublished": "2024-07-30T17:07:42.565Z",
        "dateReserved": "2024-07-23T15:57:59.918Z",
        "dateUpdated": "2024-08-02T04:46:52.946Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5486 (GCVE-0-2024-5486)

    Vulnerability from cvelistv5 – Published: 2024-07-30 17:04 – Updated: 2024-10-28 19:55
    VLAI
    Title
    Authenticated Sensitive Information Disclosure in ClearPass Policy Manager
    Summary
    A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) ClearPass Policy Manager (CPPM) Affected: ClearPass Policy Manager 6.12.1 and below , ≤ <=6.12.1 (semver)
    Affected: ClearPass Policy Manager 6.11.8 and below , ≤ <=6.11.8 (semver)
    Create a notification for this product.
    Credits
    The Federal Aviation Administration (FAA)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5486",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T17:36:10.588203Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T19:55:49.104Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:11:12.793Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04675en_us\u0026docLocale=en_US"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ClearPass Policy Manager (CPPM)",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=6.12.1",
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.12.1 and below",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "\u003c=6.11.8",
                  "status": "affected",
                  "version": "ClearPass Policy Manager 6.11.8 and below",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The Federal Aviation Administration (FAA)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003c/div\u003eA vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager\u003cdiv\u003e\u003cbr\u003e \u003c/div\u003e"
                }
              ],
              "value": "A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-30T17:04:24.617Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04675en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW04675",
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated Sensitive Information Disclosure in ClearPass Policy Manager",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-5486",
        "datePublished": "2024-07-30T17:04:24.617Z",
        "dateReserved": "2024-05-29T19:07:01.817Z",
        "dateUpdated": "2024-10-28T19:55:49.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }