CVE-2018-7060

HIGH

Aruba ClearPass 6.6.0-6.6.8 and 6.7.0 - Cross-Site Request Forgery

Title source: llm

Description

Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. An attacker could manipulate an authenticated user into performing actions on the web administrative interface.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt

Scores

CVSS v3 8.8

EPSS 0.0016

EPSS Percentile 36.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-352

Status published

Products (1)

arubanetworks/clearpass 6.6.0 - 6.6.9

Published Aug 06, 2018

Tracked Since Feb 18, 2026