Lucene search

[email protected]CVE-2015-1389

HistoryMay 28, 2015 - 2:59 p.m.

CVE-2015-1389

2015-05-2814:59:01

CWE-79

[email protected]

web.nvd.nist.gov

nvd

cve-2015-1389

aruba networks

clearpass policy manager

xss

remote attackers

web script injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.0%

JSON

Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action.

Affected configurations

NVD

Node

arubanetworksclearpass_policy_managerRange≤6.4.4

CPENameOperatorVersion
arubanetworks:clearpass_policy_managerarubanetworks clearpass policy managerle6.4.4

CPE	Name	Operator	Version
arubanetworks:clearpass_policy_manager	arubanetworks clearpass policy manager	le	6.4.4

References

packetstormsecurity.com/files/132060/Aruba-ClearPass-Policy-Manager-6.4-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2015/May/115

www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt

github.com/cmaruti/reports/blob/master/aruba_clearpass.pdf

www.exploit-db.com/exploits/37172/

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.0%

JSON

Related for CVE-2015-1389

prion1 zdt1 nvd1 packetstorm1 exploitpack1 cvelist1 exploitdb1