PT-2022-16205 · Aruba · Aruba Clearpass Policy Manager
Published
2022-09-20
·
Updated
2023-01-23
·
CVE-2022-23694
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Aruba ClearPass Policy Manager versions 6.10.6 and below
Aruba ClearPass Policy Manager versions 6.9.11 and below
Description
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database, potentially leading to complete compromise of the ClearPass Policy Manager cluster.
Recommendations
For Aruba ClearPass Policy Manager versions 6.10.6 and below, upgrade to a version above 6.10.6 to address the security vulnerabilities.
For Aruba ClearPass Policy Manager versions 6.9.11 and below, upgrade to a version above 6.9.11 to address the security vulnerabilities.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aruba Clearpass Policy Manager