← Back

CVE-2022-23669

nvd nist
Published: May 17, 2022Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A remote authorization bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.

Affected (7)

Arubanetworks
1 product
Clearpass Policy Manager
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Arubanetworks
Clearpass Policy Manager
Up to 6.7.14
Clearpass Policy Manager
From 6.10.0 to 6.10.4
Clearpass Policy Manager
From 6.8.0 to 6.8.9
Clearpass Policy Manager
From 6.9.0 to 6.9.9
Clearpass Policy Manager
Version 6.8.9
Clearpass Policy Manager
Version 6.8.9 hotfix1
Clearpass Policy Manager
Version 6.8.9 hotfix2

Related CWEs

CWE-613
Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

References (2)

Source: security-alert@hpe.com
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory

Timeline

No history available yet.