CVE-2023-43507
Authenticated SQL Injection Vulnerability in ClearPass Policy Manager Web-based Management Interface
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.2EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
24 out 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Hewlett Packard Enterprise (HPE) · Aruba ClearPass Policy ManagerQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →