CVE-2022-43532

Name of the Vulnerable Software and Affected Versions Aruba ClearPass Policy Manager versions 6.10.x: 6.10.7 and below Aruba ClearPass Policy Manager versions 6.9.x: 6.9.12 and below

Description A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.

Recommendations For ClearPass Policy Manager versions 6.10.x: 6.10.7 and below, update to a version above 6.10.7 to resolve the issue. For ClearPass Policy Manager versions 6.9.x: 6.9.12 and below, update to a version above 6.9.12 to resolve the issue. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation.