05-13-2014 07:48 PM
ClearPass fixes for Struts security vulnerabilities are now available for versions 6.1.4, 6.2.6 and 6.3.0/6.3.1 The security vulnerabilities addressed in the patches are CVE-2014-0094, CVE-2014-0050, CVE-2014-0112, CVE-2014-0113. Please review the attached README document for more information.
Individual patches are available for ClearPass 6.1.4 and 6.2.6. For versions 6.3.1, the fixes are part of the latest cumulative update 6.3.2. There is no separate security patch available for these versions. Users should install the cumulative update 6.3.2 to obtain these fixes.
For ClearPass 6.1.4 and 6.2.6 please review the README for prerequisites before installing the patch. Customers can install the patches from the Software Updates screen in ClearPass UI. The patches are also available for offline download and install from our support site (support.arubanetworks.com) at the following locations.
- ClearPass 6.1.4 : Downloads > ClearPass > Policy Manager > Archives > 6.1.0 > Patches > ClearPass 6.1.4 Struts security vulnerability
- ClearPass 6.2.6 : Downloads > ClearPass > Policy Manager > Archives > 6.2.0 > Patches > ClearPass 6.2.6 Struts security vulnerability
- ClearPass 6.3.0/6.3.1 : Downloads > ClearPass > Policy Manager > Current Release > 6.3.0 > Patches > ClearPass 6.3.2 Cumulative Update
--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.
--Problem Solved? Click "Accepted Solution" in a post.
03-19-2017 10:23 AM
Highly recommend you change all your passwords after you apply the patch, especially if your CPPM is internet facing. Potiental for unauthenticated users getting all your CPPM password from etc/password file due this exploit.
Aruba Partner Network Consultant
**Aruba Wireless ACMP / ClearPass ACCP / CCNP Professional **
If a reply addresses your issue, please click on the "Accept as Solution" and "Give Kudos"
03-19-2017 07:09 PM
These vulnerabilities were patched almost 3 years ago.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base