Aruba Networks ClearPass Policy Manager 6.12.3

CPE Details

Aruba Networks ClearPass Policy Manager 6.12.3
arubanetworks
clearpass_policy_manager
6.12.3
2025-04-15
09h47 +00:00
2025-04-15
09h47 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.12.3:*:*:*:*:*:*:*

Informations

Vendor

arubanetworks

Product

clearpass_policy_manager

Version

6.12.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-25039 2025-02-04 18h13 +00:00 A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.
8.8
High
CVE-2025-23060 2025-02-04 18h11 +00:00 A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering.
8.1
High
CVE-2025-23059 2025-02-04 18h10 +00:00 A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and retrieve sensitive data, potentially compromising the integrity and security of the entire system.
6.8
Medium
CVE-2025-23058 2025-02-04 18h07 +00:00 A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged user to execute administrative functions leading to an escalation of privileges.
8.8
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.