CVE-2015-3655

Published: Aug 29, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token.

Affected (2)

Products: Arubanetworks: Clearpass

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Arubanetworks Clearpass	From 6.4.0 to 6.4.7
Arubanetworks Clearpass	From 6.5.0 to 6.5.2

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-009.txt

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/100594

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-009.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/100594

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.