Versions
ClearPass Policy Manager 6.11.x:6.11.4 and below
<=6.11.4
6.10.8 and below
ClearPass Policy Manager 6.10.x:ClearPass 6.10.8 Hotfix Q4 2023 for Security issues and below
ClearPass Policy Manager 6.9.x:6.9.13 with ClearPass 6.9.13 Cumulative Hotfix Patch 3 and below
6.11.1 and below
ClearPass Policy Manager 6.12.x:6.12.0
ClearPass Policy Manager 6.9.x:ClearPass 6.9.13 Hotfix Q4 2023 for Security issues and below
6.9.13 and below
ClearPass Policy Manager 6.10.x:6.10.7 and below, ClearPass Policy Manager 6.9.x:6.9.12 and below
ClearPass Policy Manager 6.10.x:6.10.8 with ClearPass 6.10.8 Cumulative Hotfix Patch 5 and below
ClearPass Policy Manager 6.11.x:6.11.6 and below
Recent CVEs
CVE-2024-26302
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.
CVE-2024-26301
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.
CVE-2024-26300
A vulnerability in the guest interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
CVE-2024-26299
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
CVE-2024-26298
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
CVE-2024-26297
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
CVE-2024-26296
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
CVE-2024-26295
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
CVE-2024-26294
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.