← Back to CVEs
CVE-2023-43507
HIGH7.2
Description
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster.
CVE Details
CVSS v3.1 Score7.2
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredHIGH
User InteractionNONE
Published10/25/2023
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
arubanetworks:clearpass_policy_manager
Weaknesses (CWE)
CWE-89
References
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt(security-alert@hpe.com)
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.