漏洞标题
N/A
漏洞描述信息
在特定的配置文件下,攻击者可以在不提供多因素身份验证代码的情况下登录Aruba EdgeConnect Enterprise Orchestrator。成功 exploitation 允许攻击者仅使用用户名和密码登录,并成功绕过 Aruba EdgeConnect Enterprise Orchestration 软件版本(s)中的多因素身份验证要求:Aruba EdgeConnect Enterprise Orchestrator (在premises) 、Aruba EdgeConnect Enterprise Orchestrator-as-a-Service、Aruba EdgeConnect Enterprise Orchestrator-SP 和 Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 及更低版本、- Orchestrator 9.1.4.40436 及更低版本、- Orchestrator 9.0.7.40110 及更低版本、- Orchestrator 8.10.23.40015 及更低版本 - 任何未特别提及的 Orchestrator 版本。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Under certain configurations, an attacker can login to Aruba EdgeConnect Enterprise Orchestrator without supplying a multi-factor authentication code. Successful exploitation allows an attacker to login using only a username and password and successfully bypass MFA requirements in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned.
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
漏洞类别
N/A
漏洞标题
Aruba Networks ClearPass Policy Manager 授权问题漏洞
漏洞描述信息
Aruba Networks ClearPass Policy Manager是美国安移通(Aruba Networks)公司的一个应用系统提供无线网络安全接入管理系统 Aruba Networks ClearPass Policy Manager 存在安全漏洞。攻击者利用该漏洞绕过身份验证,仅使用用户名和密码就可以登录系统。以下产品及版本受到影响:Aruba EdgeConnect Enterprise Orchestrator 9.2.1.40179版本及之前版本、9.1.4.40436版本及之前版本
CVSS信息
N/A
漏洞类别
授权问题