CVE-2024-26302

Опубликовано: 27 фев. 2024

Источник: nvd

CVSS3: 4.8

EPSS Низкий

Описание

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.

Ссылки

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt
Broken Link
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt
Broken Link

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*

Версия от 6.9.0 (включая) до 6.9.13 (исключая)

cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*

Версия от 6.10.0 (включая) до 6.10.8 (исключая)

cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*

Версия от 6.11.0 (включая) до 6.11.6 (включая)

cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:-:*:*:*:*:*:*

cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:cumulative_hotfix_patch_2:*:*:*:*:*:*

cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:cumulative_hotfix_patch_3:*:*:*:*:*:*

cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:cumulative_hotfix_patch_4:*:*:*:*:*:*

cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:-:*:*:*:*:*:*

cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:cumulative_hotfix_patch_2:*:*:*:*:*:*

cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:cumulative_hotfix_patch_5:*:*:*:*:*:*

cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:cumulative_hotfix_patch_6:*:*:*:*:*:*

cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.12.0:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00253

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-276

Связанные уязвимости

GHSA-jhxw-wgr6-6rqc

CVSS3: 4.8

github

почти 2 года назад

EPSS

Процентиль: 48%

0.00253

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-276