CVE-2023-43507

Опубликовано: 25 окт. 2023

Источник: nvd

CVSS3: 7.2

CVSS3: 8.8

EPSS Низкий

Описание

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster.

Ссылки

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt
Vendor Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*

Версия до 6.9.13 (исключая)

cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*

Версия от 6.10.0 (включая) до 6.10.8 (исключая)

cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*

Версия от 6.11.0 (включая) до 6.11.4 (включая)

cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:-:*:*:*:*:*:*

cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:cumulative_hotfix_patch_2:*:*:*:*:*:*

cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:cumulative_hotfix_patch_3:*:*:*:*:*:*

cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:-:*:*:*:*:*:*

cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:cumulative_hotfix_patch_2:*:*:*:*:*:*

cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:cumulative_hotfix_patch_5:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00414

Низкий

7.2 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-79fx-6h56-pfcr

CVSS3: 7.2

github

больше 2 лет назад

EPSS

Процентиль: 61%

0.00414

Низкий

7.2 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-89