A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote…
hpe·CWE-1390·Published 2025-02-04
A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged user to execute administrative functions leading to an escalation of privileges.
A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged user to execute administrative functions leading to an escalation of privileges.
Una vulnerabilidad en la interfaz de administración basada en web de ClearPass Policy Manager permite que un atacante remoto autenticado con privilegios bajos (solo lectura) obtenga acceso no autorizado a los datos y la capacidad de ejecutar funciones que deberían estar restringidas a los administradores con privilegios de lectura y escritura únicamente. Una explotación exitosa podría permitir que un usuario con privilegios bajos ejecute funciones administrativas, lo que llevaría a una escalada de privilegios.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 8.8 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | Primary | NVD | 8.1 | 2.8 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| 3.1 | Secondary | NVD | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |