CVE-2020-7113
Published Apr 16, 2020
Last updated 3 years ago
Overview
- Description
- A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of some of ClearPass' service accounts. Resolution: Fixed in 6.7.10, 6.8.1, 6.9.0 and higher.
- Source
- security-alert@hpe.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.9
- Impact score
- 3.6
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7A93E733-7F7C-45C0-A419-3474745F8CDC",
"versionEndExcluding": "6.7.13",
"versionStartIncluding": "6.7.0"
},
{
"criteria": "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "322D0EFF-351A-4CB3-9379-CEFE7E47F4B2",
"versionEndExcluding": "6.8.4",
"versionStartIncluding": "6.8.0"
}
],
"operator": "OR"
}
]
}
]