Luke Young

**Name of the Vulnerable Software and Affected Versions** Aruba Networks ClearPass Policy Manager (affected versions not specified) **Description** A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Aruba Networks ClearPass Policy Manager (affected versions not specified) **Description** A vulnerability in the web-based management interface could allow an authenticated remote attacker to conduct SQL injection attacks against the instance. This could potentially lead to the compromise of sensitive information in the underlying database and complete compromise of the cluster. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ClearPass Policy Manager (affected versions not specified) **Description** A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to send notifications to computers that are running ClearPass OnGuard. These notifications can then be used to phish users or trick them into downloading malicious software. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ClearPass OnGuard Linux agent (affected versions not specified) **Description** The issue is related to insecure privilege management in the ClearPass OnGuard component of the Aruba Networks ClearPass Policy Manager for Linux. It allows malicious users on a Linux instance to elevate their user privileges to a higher role. A successful exploit enables malicious users to execute arbitrary code with root-level privileges on the Linux instance. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ClearPass Policy Manager (affected versions not specified) **Description** A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. This could potentially be used to gain further privileges on the ClearPass instance. The issue is related to a lack of protection for internal data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.