Vulnerability CVE-2014-4013

Vulnerability CVE-2014-4013

Published: 2014-07-14

Description:

SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Type:

CWE-89

(Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

CVSS2 => (AV:A/AC:M/Au:S/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.9/10	6.4/10	4.4/10

Exploit range	Attack complexity	Authentication
Adjacent network	Medium	Single time
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Arubanetworks -> Clearpass

References:

http://www.arubanetworks.com/support/alerts/aid-07032014.txt

http://secunia.com/advisories/58936

Copyright 2024, cxsecurity.com