HPE Aruba Networking ClearPass Policy Manager Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM). This vulnerability allows an unauthenticated remote attacker to execute arbitrary JavaScript in the context of the affected interface. The issue is present in ClearPass versions 6.12.5 and below, as well as 6.11.12 and below.

Impact

Successful exploitation results in reflected cross-site scripting: the attacker can execute malicious scripts in the context of the user's browser session.

Remediation

Users can upgrade to HPE Aruba Networking ClearPass Policy Manager 6.12.6 or above, or apply the 6.11.12 Hotfix Patch for CVE-2025-37122. The ClearPass Policy Manager Hardening Guide is also available to help secure instances against such vulnerabilities.

Added: Sep 17, 2025, 8:26 PM
Updated: Sep 17, 2025, 8:26 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 1.7
exploitability: 6.0
remediation: 8.3
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.