Product
arubanetworks clearpass
36 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2021-29141
CVE-2021-29139
CVE-2021-29142
CVE-2021-29140
CVE-2021-29138
CVE-2021-29147
CVE-2021-29146
CVE-2021-29145
CVE-2021-29144
CVE-2020-7114
CVE-2020-7113
CVE-2020-7111
CVE-2020-7110
CVE-2016-4401
CVE-2018-7060
CVE-2018-0489
CVE-2014-2071
CVE-2015-4649
CVE-2015-3657
CVE-2015-3656
CVE-2015-3655
CVE-2015-3654
CVE-2015-3653
CVE-2016-2034
CVE-2014-6627
CVE-2014-6626
CVE-2014-6625
CVE-2014-6624
CVE-2014-6622
CVE-2014-6621
CVE-2014-5342
CVE-2014-6623
CVE-2014-6620
CVE-2014-4031
CVE-2014-4013
CVE-2013-2269
>= 6.7.0 and < 6.7.14
A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.
>= 6.7.0 and < 6.7.14
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.
>= 6.7.0 and < 6.7.14
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.
>= 6.7.0 and < 6.7.13
A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.
>= 6.7.0 and < 6.7.5
A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6
>= 6.7.0 and < 6.7.14
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8
>= 6.7.0 and < 6.7.14
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.
>= 6.7.0 and < 6.7.14
A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Aruba ClearPass Policy Manager v
>= 6.7.0 and < 6.7.14
A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.
>= 6.7.0 and < 6.7.13
A vulnerability exists allowing attackers, when present in the same network segment as ClearPass' management interface, to make ch
>= 6.7.0 and < 6.7.13
A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and
>= 6.7.0 and < 6.7.13
A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Executi
>= 6.7.0 and < 6.7.13
ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator accou
< 6.5.7
Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials.
>= 6.6.0 and < 6.6.9
Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. An attack
>= 6.6.0 and <= 6.6.9
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishand
>= 6.1 and <= 6.1.4
Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunne
<= 6.4.6
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain roo
<= 6.4.6
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators
<= 6.4.6
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators
>= 6.4.0 and < 6.4.7
Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 all
<= 6.4.6
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain roo
<= 6.4.6
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to
all versions
SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0.
<= 6.3.4
Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified
<= 6.3.4
Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative funct
<= 6.3.4
The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privi
<= 6.3.4
The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to read arbit
<= 6.3.4
Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to determine the validity of filenames via un
<= 6.3.4
Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not disable the troubleshooting and diagnostics page in producti
<= 6.3.4
Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified
<= 6.3.5
Cross-site request forgery (CSRF) vulnerability in the Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.
<= 6.3.5
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers t
all versions
The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before
all versions
SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through
all versions
The Sponsorship Confirmation functionality in Aruba Networks ClearPass 5.x, 6.0.1, and 6.0.2, and Amigopod/ClearPass Guest 3.0 thr