CVE-2023-25593

Summary

Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)Aruba ClearPass Policy Manager6.11.1 and belowaffected
Hewlett Packard Enterprise (HPE)Aruba ClearPass Policy Manager6.10.8 and belowaffected
Hewlett Packard Enterprise (HPE)Aruba ClearPass Policy Manager6.9.13 and belowaffected

Weaknesses

  • n/a

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References