CVE-2024-41915

Authenticated SQL Injection Vulnerability in ClearPass Policy Manager Web-based Management Interface

CVSS 7.2 HIGHEPSS 0.5%CWE-89

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.2EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

30 Jul 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

Hewlett Packard Enterprise (HPE) · ClearPass Policy Manager (CPPM)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04675en_us&docLocale=en_US