Vulnerabilities (CVE)

Filtered by vendor Arubanetworks Subscribe
Total 451 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-23057 1 Arubanetworks 1 Fabric Composer 2025-03-28 N/A 5.5 MEDIUM
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface.
CVE-2025-23056 1 Arubanetworks 1 Fabric Composer 2025-03-28 N/A 5.5 MEDIUM
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface.
CVE-2025-23055 1 Arubanetworks 1 Fabric Composer 2025-03-28 N/A 5.5 MEDIUM
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface.
CVE-2025-23058 1 Arubanetworks 1 Clearpass Policy Manager 2025-03-28 N/A 8.8 HIGH
A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged user to execute administrative functions leading to an escalation of privileges.
CVE-2025-23059 1 Arubanetworks 1 Clearpass Policy Manager 2025-03-28 N/A 6.8 MEDIUM
A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and retrieve sensitive data, potentially compromising the integrity and security of the entire system.
CVE-2025-23060 1 Arubanetworks 1 Clearpass Policy Manager 2025-03-28 N/A 6.6 MEDIUM
A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering.
CVE-2025-25039 1 Arubanetworks 1 Clearpass Policy Manager 2025-03-28 N/A 4.7 MEDIUM
A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.
CVE-2024-26296 1 Arubanetworks 1 Clearpass Policy Manager 2025-03-27 N/A 7.2 HIGH
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
CVE-2024-26295 1 Arubanetworks 1 Clearpass Policy Manager 2025-03-27 N/A 7.2 HIGH
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
CVE-2024-26297 1 Arubanetworks 1 Clearpass Policy Manager 2025-03-27 N/A 7.2 HIGH
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
CVE-2024-26298 1 Arubanetworks 1 Clearpass Policy Manager 2025-03-27 N/A 7.2 HIGH
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
CVE-2024-26299 1 Arubanetworks 1 Clearpass Policy Manager 2025-03-27 N/A 6.6 MEDIUM
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
CVE-2024-26300 1 Arubanetworks 1 Clearpass Policy Manager 2025-03-27 N/A 6.6 MEDIUM
A vulnerability in the guest interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
CVE-2024-26302 1 Arubanetworks 1 Clearpass Policy Manager 2025-03-27 N/A 4.8 MEDIUM
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.
CVE-2024-26294 1 Arubanetworks 1 Clearpass Policy Manager 2025-03-27 N/A 7.2 HIGH
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
CVE-2024-42398 2 Arubanetworks, Hp 2 Arubaos, Instantos 2025-03-24 N/A 5.3 MEDIUM
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
CVE-2017-5638 7 Apache, Arubanetworks, Hp and 4 more 13 Struts, Clearpass Policy Manager, Server Automation and 10 more 2025-03-21 10.0 HIGH 9.8 CRITICAL
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
CVE-2024-42399 2 Arubanetworks, Hp 2 Arubaos, Instantos 2025-03-13 N/A 5.3 MEDIUM
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
CVE-2023-22767 1 Arubanetworks 24 7010, 7030, 7205 and 21 more 2025-03-11 N/A 7.2 HIGH
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVE-2023-22766 1 Arubanetworks 24 7010, 7030, 7205 and 21 more 2025-03-11 N/A 7.2 HIGH
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.