CVE-2023-43507

Authenticated SQL Injection Vulnerability in ClearPass Policy Manager Web-based Management Interface

CVSS 7.2 HIGHEPSS 0.8%

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.2EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

24 oct 2023Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Hewlett Packard Enterprise (HPE) · Aruba ClearPass Policy Manager

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt