An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could exploit this vulnerability to gain access to "appadmin" credentials, leading to complete cluster compromise. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.
References
Link | Resource |
---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txt | Vendor Advisory |
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txt | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:11
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txt - Vendor Advisory |
Information
Published : 2018-12-07 21:29
Updated : 2024-11-21 04:11
NVD link : CVE-2018-7065
Mitre link : CVE-2018-7065
CVE.ORG link : CVE-2018-7065
JSON object : View
Products Affected
arubanetworks
- clearpass_policy_manager
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')