On June 2, 2020 Aruba posted advisory ARUBA-PSA-2020-005 disclosing that high and medium severity vulnerabilities exists in the Aruba ClearPass Policy Manager product. The affected product families are v6.9.x, v6.8.x, and v6.7.x. The vulnerabilities can result in authentication bypass and remote command execution in the WebUI.
Recommended upgrades:
Upgrade ClearPass Policy Manager v6.9.x to v6.9.1
Upgrade ClearPass Policy Manager v6.8.x to v6.8.5-HF or v6.8.6
Upgrade ClearPass Policy Manager v6.7.x to v6.7.13-HF
We strongly advise customers to review the Aruba advisory and upgrade their environments. PDS Architects are available to assist with the upgrades, your Account Director can assist in arranging for this upgrade support.