CVE-2024-51773: Authenticated Stored Cross-Site Scripting (XSS) in HPE Aruba Networking ClearPass Policy Manager Web-based Management Interface

4.8 CVSS

Description

A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the user is authorized to do, including accessing the user's data and altering information within the user's permissions. This could lead to data modification, deletion, or theft, including unauthorized access to files, file deletion, or the theft of session cookies, which an attacker could use to hijack a user's session.

Classification

CVE ID: CVE-2024-51773

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.8

Affected Products

Vendor: Hewlett Packard Enterprise (HPE)

Product: HPE Aruba Networking ClearPass Policy Manager

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (share of scored vulnerabilities with an equal or lower EPSS score)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us&docLocale=en_US

Timeline