CVE-2021-37738 - Vulnerability Details

Vendors	Products
Arubanetworks	Clearpass Policy Manager

Link	Providers
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Aruba ClearPass Policy Manager", "vendor": "n/a", "versions": [{"status": "affected", "version": "ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1"}]}], "descriptions": [{"lang": "en", "value": "A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability."}], "problemTypes": [{"descriptions": [{"description": "remote disclosure of sensitive information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-15T13:31:45", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2021-37738", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Aruba ClearPass Policy Manager", "version": {"version_data": [{"version_value": "ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "remote disclosure of sensitive information"}]}]}, "references": {"reference_data": [{"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt", "refsource": "MISC", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:30:07.910Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt"}]}]}, "cveMetadata": {"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2021-37738", "datePublished": "2021-10-15T13:31:45", "dateReserved": "2021-07-29T00:00:00", "dateUpdated": "2024-08-04T01:30:07.910Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Aruba ClearPass Policy Manager (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : remote disclosure of sensitive information (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-10-15T13:31:45 (string)

orgId : eb103674-0d28-4225-80f8-39fb86215de0 (string)

shortName : hpe (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security-alert@hpe.com (string)

ID : CVE-2021-37738 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Aruba ClearPass Policy Manager (string)

version : { »

version_data : [ »

0 : { »

version_value : ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1 (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : remote disclosure of sensitive information (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt (string)

refsource : MISC (string)

url : https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T01:30:07.910Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : eb103674-0d28-4225-80f8-39fb86215de0 (string)

assignerShortName : hpe (string)

cveId : CVE-2021-37738 (string)

datePublished : 2021-10-15T13:31:45 (string)

dateReserved : 2021-07-29T00:00:00 (string)

dateUpdated : 2024-08-04T01:30:07.910Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "604AAF73-377A-4AD1-A4FE-1AF5F3B70DD2", "versionEndIncluding": "6.8.9", "versionStartIncluding": "6.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C58FDFD-FCFB-4DA1-8E95-678DFA08E167", "versionEndIncluding": "6.9.7", "versionStartIncluding": "6.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA9C9317-7775-4BDA-9903-2C5661362E1A", "versionEndExcluding": "6.10.2", "versionStartIncluding": "6.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad de divulgaci\u00f3n remota de informaci\u00f3n confidencial en Aruba ClearPass Policy Manager versi\u00f3n(es): ClearPass Policy Manager 6.10.x anteriores a 6.10.2 - - ClearPass Policy Manager 6.9.x anteriores a 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x anteriores a 6.8.9-HF1. Aruba ha publicado parches para ClearPass Policy Manager que abordan esta vulnerabilidad de seguridad"}], "id": "CVE-2021-37738", "lastModified": "2024-11-21T06:15:50.557", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-15T14:15:07.663", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 604AAF73-377A-4AD1-A4FE-1AF5F3B70DD2 (string)

versionEndIncluding : 6.8.9 (string)

versionStartIncluding : 6.8.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 4C58FDFD-FCFB-4DA1-8E95-678DFA08E167 (string)

versionEndIncluding : 6.9.7 (string)

versionStartIncluding : 6.9.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : FA9C9317-7775-4BDA-9903-2C5661362E1A (string)

versionEndExcluding : 6.10.2 (string)

versionStartIncluding : 6.10.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. (string)

}

1 : { »

lang : es (string)

value : Se ha detectado una vulnerabilidad de divulgación remota de información confidencial en Aruba ClearPass Policy Manager versión(es): ClearPass Policy Manager 6.10.x anteriores a 6.10.2 - - ClearPass Policy Manager 6.9.x anteriores a 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x anteriores a 6.8.9-HF1. Aruba ha publicado parches para ClearPass Policy Manager que abordan esta vulnerabilidad de seguridad (string)

}

]

id : CVE-2021-37738 (string)

lastModified : 2024-11-21T06:15:50.557 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-10-15T14:15:07.663 (string)

references : [ »

0 : { »

source : security-alert@hpe.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt (string)

}

]

sourceIdentifier : security-alert@hpe.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-862 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object