PT-2023-28850 · Aruba Networks · Aruba Networks Clearpass Policy Manager

Luke Young

Publicado

2023-10-24

Atualizado

2023-11-01

CVE-2023-43507

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Aruba Networks ClearPass Policy Manager (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an authenticated remote attacker to conduct SQL injection attacks against the instance. This could potentially lead to the compromise of sensitive information in the underlying database and complete compromise of the cluster.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-43507

Produtos afetados

Aruba Networks Clearpass Policy Manager

PT-2023-28850 · Aruba Networks · Aruba Networks Clearpass Policy Manager

CVE-2023-43507

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5