"-Synchronized-Data."

2025-08-04 08:44:25 +00:00 · 2021-02-23 17:00:52 +00:00 · 2021-02-23 17:00:52 +00:00 · 30a71074b9
commit 30a71074b9
parent 501a9bcc25
1 changed files with 47 additions and 3 deletions
--- a/2021/26xxx/CVE-2021-26685.json
+++ b/2021/26xxx/CVE-2021-26685.json
@ -4,14 +4,58 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2021-26685",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "security-alert@hpe.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Aruba ClearPass Policy Manager",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Remote Authenticated SQL Injection in Clearpass Web-based Management Interface"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt",
+                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database."
            }
        ]
    }