A vulnerability in the web-based management interface of ClearPass Policy Manager allows an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of this vulnerability allows an attacker to complete state-changing actions in the web-based management interface that should not be allowed by their current level of authorization on the platform.
Advisories
Source: EUVD
ID: EUVD-2023-29536
Title: A vulnerability in the web-based management interface of ClearPass Policy Manager allows an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of this vulnerability allows an attacker to complete state-changing actions in the web-based management interface that should not be allowed by their current level of authorization on the platform.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 04 Mar 2025 03:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: hpe

Published:

Updated: 2025-02-27T15:02:53.121Z

Reserved: 2023-02-07T20:24:22.480Z

Link: CVE-2023-25594

Vulnrichment

Updated: 2024-08-02T11:25:19.296Z

NVD

Status: Modified

Published: 2023-03-22T06:15:10.337

Modified: 2025-02-27T15:15:37.313

Link: CVE-2023-25594

Redhat

No data.

OpenCVE Enrichment

No data.