PT-2022-16204 · Aruba · Aruba Clearpass Policy Manager

Published: 2022-09-20 · Updated: 2023-01-23 · CVE-2022-23693

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Aruba ClearPass Policy Manager versions 6.10.x: 6.10.6 and below
Aruba ClearPass Policy Manager versions 6.9.x: 6.9.11 and below

Description

The web-based management interface of ClearPass Policy Manager has vulnerabilities that could allow an authenticated remote attacker to conduct SQL injection attacks. An attacker could use these to obtain and modify sensitive information in the underlying database, potentially resulting in the complete compromise of the ClearPass Policy Manager cluster.

Recommendations

For Aruba ClearPass Policy Manager versions 6.10.x: 6.10.6 and below, upgrade to a version above 6.10.6.
For Aruba ClearPass Policy Manager versions 6.9.x: 6.9.11 and below, upgrade to a version above 6.9.11.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2022-23693

Affected Products

Aruba Clearpass Policy Manager