A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection. This could allow a remote unauthenticated attacker to execute arbitrary input against these endpoints if the attacker can convince an authenticated user of the interface to interact with a specially crafted URL in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address this security vulnerability.
Metrics
Affected Vendors & Products
References
History
Tue, 27 May 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: hpe
Published: 2022-09-20T20:12:50.000Z
Updated: 2025-05-27T18:16:36.683Z
Reserved: 2022-01-19T00:00:00.000Z
Link: CVE-2022-23685

Updated: 2024-08-03T03:51:45.797Z

Status : Modified
Published: 2022-09-20T21:15:10.083
Modified: 2025-05-27T19:15:20.717
Link: CVE-2022-23685

No data.