CVE-2021-40997
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/10/2021
Last modified:
12/07/2022
Description
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:* | 6.8.0 (including) | 6.8.9 (excluding) |
| cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:* | 6.9.0 (including) | 6.9.7 (excluding) |
| cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:* | 6.10.0 (including) | 6.10.2 (excluding) |
| cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.8.9:-:*:*:*:*:*:* | ||
| cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.7:-:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page