CVE-2018-7063 Vulnerability Details

  /     /     /  

CVE-2018-7063 Metadata Quick Info

CVE Published: 07/12/2018 | CVE Updated: 05/08/2024 | CVE Year: 2018
Source: hpe | Vendor: Hewlett Packard Enterprise | Product: Aruba ClearPass Policy Manager
Status : PUBLISHED

---

CVE-2018-7063 Description

In Aruba ClearPass, disabled API admins can still perform read/write operations. In certain circumstances, API admins in ClearPass which have been disabled may still be able to perform read/write operations on parts of the XML API. This can lead to unauthorized access to the API and complete compromise of the ClearPass instance if an attacker knows of the existence of these accounts.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: remote access restriction bypass
Source: Hewlett Packard Enterprise

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).