ClearPass Policy Manager Product Security Update Advisory

Overview

 

An update has been made available to fix vulnerabilities in ClearPass Policy Manager. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

ClearPass Policy Manager

  • 6.12.0 and later versions
  • 6.11.6 and earlier versions
  • ClearPass 6.10.8 Hotfix Q4 2023 or earlier
  • ClearPass 6.9.13 Hotfix Q4 2023 or earlier

 

Resolved Vulnerabilities

 

  • Command injection vulnerability in ClearPass Policy Manager (CVE-2023-50164)
  • Authenticated remote command injection vulnerability in the ClearPass Policy Manager Web-Based Management Interface (CVE-2024-26294, CVE-2024-26295, CVE-2024-26296, CVE-2024-26297, CVE-2024-26298)
  • Stored XSS vulnerability in the ClearPass Policy Manager Admin Interface (CVE-2024-26299)
  • Stored XSS vulnerability in the ClearPass Policy Manager Guest Interface (CVE-2024-26300)

 

Vulnerability Patches

 

Vulnerability patches were made available in the February 27, 2024 update. Please update to the latest patched version as described on the referenced sites.

ClearPass Policy Manager

  • 6.12.1 and later versions
  • 6.11.7 and later versions
  • 6.10.8 Hotfix Patch 8 Q1 2024 and later versions
  • 6.9.13 Hotfix Patch 7 Q1 2024 or later

 

Referenced Sites

 

[1] CVE-2024-26302 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-26302
[2] HPE Aruba Networking Product Security Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt