Aruba Networks CPPM Cross-Site Scripting Vulnerability (CVE-2015-4132)

Aruba Networks CPPM Cross-Site Scripting Vulnerability (CVE-2015-4132)
Aruba Networks CPPM Cross-Site Scripting Vulnerability (CVE-2015-4132)

Release date:
Updated on:

Affected Systems:

Aruba Networks ClearPass Policy Manager <6.4.5

Description:

CVE (CAN) ID: CVE-2015-4132

Aruba Networks ClearPass Policy Manager is an advanced Policy management platform for network access control based on roles and devices.

Aruba Networks ClearPass Policy Manager (CPPM) earlier than 6.4.5 has a directory traversal security vulnerability. remote administrators can exploit this vulnerability to inject arbitrary Web scripts or HTML.

<* Source: BugCrowd
*>

Suggestion:

Vendor patch:

Aruba Networks
--------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt

This article permanently updates the link address: