PT-2023-14242 · Aruba · Clearpass Policy Manager

Published: 2023-01-03 · Updated: 2023-01-11 · CVE-2022-43531

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ClearPass Policy Manager versions 6.9.12 and below
ClearPass Policy Manager versions 6.10.7 and below

Description

The issue concerns the web-based management interface of ClearPass Policy Manager, where an authenticated remote attacker could conduct SQL injection attacks. This could allow the attacker to obtain and modify sensitive information in the underlying database, potentially resulting in the complete compromise of the ClearPass Policy Manager cluster.

Recommendations

For ClearPass Policy Manager versions 6.9.12 and below, update to a version above 6.9.12 to resolve the issue.
For ClearPass Policy Manager versions 6.10.7 and below, update to a version above 6.10.7 to resolve the issue.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2022-43531

Affected Products

Clearpass Policy Manager