VDB
CVE-2024-26300
CVE-2024-26300
PUBLISHED
In Aruba ClearPass Policy Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in in die webbasierte management interface nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, privilegiert Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen.
EPSS 0.04% · 12.9th percentile
Risk Scores
EPSS Score
0.04%
12.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aruba | Aruba ClearPass Policy Manager |
Exploit Intelligence
- CIRCL seen: CVE-2024-26300 (circl-sighting)
- CIRCL seen: CVE-2024-26300 (circl-sighting)
- CIRCL seen: CVE-2024-26300 (circl-sighting)
- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt (circl)
Timeline
- Feb 27, 2024 CVE Published
- Feb 28, 2024 EPSS Score
- Feb 28, 2024 PoC Published
- Feb 28, 2024 PoC Published
- Mar 14, 2024 PoC Published
- Mar 26, 2024 EPSS Score
- Apr 21, 2024 EPSS Score
- May 18, 2024 EPSS Score
- Jun 14, 2024 EPSS Score
- Jul 11, 2024 EPSS Score
- Aug 6, 2024 EPSS Score
- Sep 2, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0502.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0502 advisory
- https://www.arubanetworks.com/security-advisory/clearpass-policy-manager-multiple-vulnerabilities-20/ advisory
- https://github.com/advisories/GHSA-57f3-xqmx-39gv advisory
- https://github.com/advisories/GHSA-763w-c5w6-4pw8 advisory
- https://github.com/advisories/GHSA-8hf3-685j-g9xf advisory
- https://github.com/advisories/GHSA-gh72-4xjj-7p87 advisory
- https://github.com/advisories/GHSA-j6mw-3p6q-wxcc advisory
- https://github.com/advisories/GHSA-jhxw-wgr6-6rqc advisory
- https://github.com/advisories/GHSA-jxq3-2hwh-v5qg advisory
- https://github.com/advisories/GHSA-p52j-p77c-rqf9 advisory
- https://github.com/advisories/GHSA-q5ch-6whv-v4gp advisory
- https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04601en_us&docLocale=en_US advisory