← back
CVE-2018-7063

CVE-2018-7063

EPSS 0.9%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
07 Dec 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In Aruba ClearPass, disabled API admins can still perform read/write operations. In certain circumstances, API admins in ClearPass which have been disabled may still be able to perform read/write operations on parts of the XML API. This can lead to unauthorized access to the API and complete compromise of the ClearPass instance if an attacker knows of the existence of these accounts.
Affected products
Hewlett Packard Enterprise · Aruba ClearPass Policy Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txt