First published: Tue Sep 20 2022(Updated: )
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.
Credit: security-alert@hpe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arubanetworks Clearpass Policy Manager | >=6.9.0<6.9.12 | |
Arubanetworks Clearpass Policy Manager | >=6.10.0<6.10.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2022-23693.
The severity of CVE-2022-23693 is high with a CVSS score of 8.8.
The affected software is Arubanetworks Clearpass Policy Manager versions 6.9.0 to 6.9.12 and versions 6.10.0 to 6.10.7.
An authenticated remote attacker can exploit CVE-2022-23693 to conduct SQL injection attacks against the ClearPass Policy Manager instance.
You can find more information about CVE-2022-23693 at the following reference: [https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt)