CVE-2017-9002
Summary
| CVE | CVE-2017-9002 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-08-06 20:29:00 UTC |
| Updated | 2018-10-18 12:59:00 UTC |
| Description | All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross-site scripting vulnerabilities. By exploiting this vulnerability, an attacker who can trick a logged-in ClearPass administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into ClearPass in the same browser. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Hp | Aruba Clearpass Policy Manager | All | All | All | All |
| Application | Hp | Aruba Clearpass Policy Manager | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txt | CONFIRM | www.arubanetworks.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.