CVE-2017-9002: XSS
First published: Mon Aug 06 2018(Updated: )
All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross-site scripting vulnerabilities. By exploiting this vulnerability, an attacker who can trick a logged-in ClearPass administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into ClearPass in the same browser.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hp Aruba Clearpass Policy Manager | <6.6.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2017-9002.
What is the severity of CVE-2017-9002?
The severity of CVE-2017-9002 is medium (6.1).
What is the affected software?
The affected software is all versions of Aruba ClearPass prior to 6.6.8.
What is the impact of CVE-2017-9002?
By exploiting this vulnerability, an attacker can obtain sensitive information, such as session cookies or passwords, by tricking a logged-in ClearPass administrative user into clicking a link.
How can I fix CVE-2017-9002?
To fix CVE-2017-9002, update Aruba ClearPass to version 6.6.8 or later.
- collector/nvd-index
- vendor/hp
- canonical/hp aruba clearpass policy manager