CVE-2021-29139: 
Aruba ClearPass vulnerability analysis and mitigation

A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager affecting versions prior to 6.9.5, 6.8.9, and 6.7.14-HF1. The vulnerability was assigned CVE-2021-29139 and was disclosed on April 29, 2021 (NVD, CVE).

The vulnerability is classified as a cross-site scripting (XSS) issue, specifically related to improper neutralization of input during web page generation (CWE-79). The CVSS v3.1 base score is 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, indicating that the vulnerability requires high privileges and user interaction to exploit (NVD).

The vulnerability could potentially lead to unauthorized access to sensitive information and compromise of data integrity through cross-site scripting attacks. The CVSS scoring indicates that both confidentiality and integrity impacts are rated as Low, while there is no impact on availability (NVD).

Aruba has released patches to address this security vulnerability. Users should upgrade to versions 6.9.5, 6.8.9, or 6.7.14-HF1 or later depending on their current version track (Vendor Advisory).