A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.
During installation, installed file permissions are set to allow anyone to modify those files.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Clearpass_policy_manager | Arubanetworks | 6.9.0 (including) | 6.9.13 (excluding) |
Clearpass_policy_manager | Arubanetworks | 6.10.0 (including) | 6.10.8 (excluding) |
Clearpass_policy_manager | Arubanetworks | 6.11.0 (including) | 6.11.6 (including) |
Clearpass_policy_manager | Arubanetworks | 6.9.13 (including) | 6.9.13 (including) |
Clearpass_policy_manager | Arubanetworks | 6.9.13-cumulative_hotfix_patch_2 (including) | 6.9.13-cumulative_hotfix_patch_2 (including) |
Clearpass_policy_manager | Arubanetworks | 6.9.13-cumulative_hotfix_patch_3 (including) | 6.9.13-cumulative_hotfix_patch_3 (including) |
Clearpass_policy_manager | Arubanetworks | 6.9.13-cumulative_hotfix_patch_4 (including) | 6.9.13-cumulative_hotfix_patch_4 (including) |
Clearpass_policy_manager | Arubanetworks | 6.10.8 (including) | 6.10.8 (including) |
Clearpass_policy_manager | Arubanetworks | 6.10.8-cumulative_hotfix_patch_2 (including) | 6.10.8-cumulative_hotfix_patch_2 (including) |
Clearpass_policy_manager | Arubanetworks | 6.10.8-cumulative_hotfix_patch_5 (including) | 6.10.8-cumulative_hotfix_patch_5 (including) |
Clearpass_policy_manager | Arubanetworks | 6.10.8-cumulative_hotfix_patch_6 (including) | 6.10.8-cumulative_hotfix_patch_6 (including) |
Clearpass_policy_manager | Arubanetworks | 6.12.0 (including) | 6.12.0 (including) |