A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection. This could allow a remote unauthenticated attacker to execute arbitrary input against these endpoints if the attacker can convince an authenticated user of the interface to interact with a specially crafted URL in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address this security vulnerability.
References
Link | Resource |
---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hpe
Published: 2022-09-20T20:12:50
Updated: 2022-09-20T20:12:50
Reserved: 2022-01-19T00:00:00
Link: CVE-2022-23685
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-09-20T21:15:10.083
Modified: 2023-01-23T13:55:36.187
Link: CVE-2022-23685
JSON object: View
Redhat Information
No data.
CWE