PT-2021-17087 · Aruba · Aruba ClearPass Policy Manager

Published 2021-02-23 · Updated 2021-02-26 · CVE-2021-26682

CVSS v3.1

6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Aruba ClearPass Policy Manager versions prior to 6.9.5
Aruba ClearPass Policy Manager version 6.8.8-HF1
Aruba ClearPass Policy Manager version 6.7.14-HF1

Description

A reflected cross-site scripting (XSS) vulnerability was discovered in the guest portal interface of Aruba ClearPass Policy Manager. It could allow a remote attacker to conduct a reflected XSS attack against a user of the portal. A successful exploit could allow the attacker to execute arbitrary script code in the victim's browser in the context of the guest portal interface.

Recommendations

For versions prior to 6.9.5, update to version 6.9.5 or later.
For version 6.8.8-HF1, update to a version that includes the fix for this issue.
For version 6.7.14-HF1, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the guest portal interface until a patch is available.

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2021-26682

Affected Products

Aruba ClearPass Policy Manager