ClearPass Policy Manager Vulnerability Could Lead to Stored XSS Attacks
CVE-2024-26300

6.6MEDIUM

Key Information:

Vendor: HP
Status: Aruba Clearpass Policy Manager
Vendor: CVE Published:; 27 February 2024

Summary

A vulnerability in the guest interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.

Affected Version(s)

Aruba ClearPass Policy Manager ClearPass Policy Manager 6.12.x: 6.12.0

Aruba ClearPass Policy Manager ClearPass Policy Manager 6.11.x: 6.11.6 and below

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024...

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 27, 2024
Vulnerability Reserved
Feb 16, 2024

Credit

Kajetan Rostojek (@kaje11)