Vulnerability Description
All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross-site scripting vulnerabilities. By exploiting this vulnerability, an attacker who can trick a logged-in ClearPass administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into ClearPass in the same browser.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | Aruba Clearpass Policy Manager | < 6.6.8 |
Related Weaknesses (CWE)
References
- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txtVendor Advisory
- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txtVendor Advisory
FAQ
What is CVE-2017-9002?
CVE-2017-9002 is a vulnerability with a CVSS score of 6.1 (MEDIUM). All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross-site scripting vulnerabilities. By exploiting this vulnerability, an attacker who can trick a logged-in ClearPass administrative ...
How severe is CVE-2017-9002?
CVE-2017-9002 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9002?
Check the references section above for vendor advisories and patch information. Affected products include: Hp Aruba Clearpass Policy Manager.