← Back

CVE-2024-26302

nvd nist
Published: Feb 27, 2024Modified: Mar 27, 2025

JSON object

Loading...
4.8
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.2 / Impact: 2.5
Source: security-alert@hpe.com (Secondary)

Description

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.

Affected (12)

Arubanetworks
1 product
Clearpass Policy Manager
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Arubanetworks
Clearpass Policy Manager
From 6.10.0 to 6.10.8
Clearpass Policy Manager
From 6.11.0 to 6.11.6
Clearpass Policy Manager
From 6.9.0 to 6.9.13
Clearpass Policy Manager
Version 6.10.8
Clearpass Policy Manager
Version 6.10.8 cumulative_hotfix_patch_2
Clearpass Policy Manager
Version 6.10.8 cumulative_hotfix_patch_5
Clearpass Policy Manager
Version 6.10.8 cumulative_hotfix_patch_6
Clearpass Policy Manager
Version 6.12.0
Clearpass Policy Manager
Version 6.9.13
Clearpass Policy Manager
Version 6.9.13 cumulative_hotfix_patch_2
Clearpass Policy Manager
Version 6.9.13 cumulative_hotfix_patch_3
Clearpass Policy Manager
Version 6.9.13 cumulative_hotfix_patch_4

Related CWEs

CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

Source: security-alert@hpe.com
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link

Timeline

No history available yet.