A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection. This could allow a remote unauthenticated attacker to execute arbitrary input against these endpoints if the attacker can convince an authenticated user of the interface to interact with a specially crafted URL in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address this security vulnerability.
History

Tue, 27 May 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2022-09-20T20:12:50.000Z

Updated: 2025-05-27T18:16:36.683Z

Reserved: 2022-01-19T00:00:00.000Z

Link: CVE-2022-23685

cve-icon Vulnrichment

Updated: 2024-08-03T03:51:45.797Z

cve-icon NVD

Status : Modified

Published: 2022-09-20T21:15:10.083

Modified: 2025-05-27T19:15:20.717

Link: CVE-2022-23685

cve-icon Redhat

No data.