Aruba Networks ClearPass SQL injection vulnerability in CVE-2014-4013)
Release date:
Updated on:
Affected Systems:
Aruba Networks ClearPass 5.0.1-6.3
Description:
--------------------------------------------------------------------------------
Bugtraq id: 68695
CVE (CAN) ID: CVE-2014-4013
Aruba Networks ClearPass is a Wi-Fi network and wired network access solution.
The Policy Manager Component of Aruba Networks ClearPass 5.0.1-6.3 does not effectively filter certain inputs and has the SQL injection vulnerability in implementation, this vulnerability allows authenticated remote users to inject arbitrary SQL code into SQL queries and execute arbitrary SQL commands.
<* Source: Nate Roberts
Link: http://secunia.com/advisories/58936
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Aruba Networks
--------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.arubanetworks.com/products/clearpass/guest/
Http://www.arubanetworks.com/support/alerts/aid-07032014.txt
This article permanently updates the link address: