漏洞标题
N/A
漏洞描述信息
ClearPass Policy Manager 的基于 Web 的管理界面的漏洞可能导致经过验证的远程攻击者对 ClearPass Policy Manager 实例进行 SQL 注入攻击。攻击者可以利用这些漏洞获取和修改底层数据库中的敏感信息,可能导致 Aruba 地区的 ClearPass Policy Manager 集群完全被攻击。ClearPass Policy Manager 版本:ClearPass Policy Manager 6.10.x:6.10.7 及以下,ClearPass Policy Manager 6.9.x:6.9.12 及以下。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
Aruba Networks ClearPass Policy Manager SQL注入漏洞
漏洞描述信息
Aruba Networks ClearPass Policy Manager是美国安移通(Aruba Networks)公司的一个应用系统提供无线网络安全接入管理系统 Aruba Networks ClearPass Policy Manager 存在安全漏洞。攻击者利用该漏洞执行SQL注入攻击,从而获取和修改基础数据库中的敏感信息。以下产品及版本受到影响:Aruba ClearPass Policy Manager 6.10.x版本至6.10.7版本、6.9.x版本至6.9.12版本。
CVSS信息
N/A
漏洞类别
SQL注入