Vulnerabilities related to microfocus - netiq_advanced_authentication
CVE-2021-22530 (GCVE-0-2021-22530)
Vulnerability from cvelistv5
Published
2024-08-28 06:29
Modified
2024-08-28 13:31
CWE
  • CWE-667 - Improper Locking
Summary
A vulnerability was identified in NetIQ Advance Authentication: it does not enforce account lockout when a brute-force attack is performed against API-based login. This issue may lead to user account compromise if the attack succeeds, or may impact server performance. This issue impacts all NetIQ Advance Authentication versions before 6.3.5.1.
Impacted products


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-22530",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-28T13:19:20.381421Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T13:31:54.122Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "NetIQ Advance Authentication",
          "vendor": "OpenText",
          "versions": [
            {
              "lessThan": "\u003c",
              "status": "affected",
              "version": "6.3.5.1",
              "versionType": "server"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability identified in NetIQ Advance Authentication that doesn\u0027t enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1\u003cbr\u003e"
            }
          ],
          "value": "A vulnerability identified in NetIQ Advance Authentication that doesn\u0027t enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-49",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-49 Password Brute Forcing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-667",
              "description": "CWE-667 Improper Locking",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-28T06:29:20.166Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "OpenText"
      },
      "references": [
        {
          "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Improper account management vulnerability in NetIQ Advance Authentication",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "OpenText",
    "cveId": "CVE-2021-22530",
    "datePublished": "2024-08-28T06:29:20.166Z",
    "dateReserved": "2021-01-05T18:14:04.352Z",
    "dateUpdated": "2024-08-28T13:31:54.122Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-11650 (GCVE-0-2019-11650)
Vulnerability from cvelistv5
Published
2019-07-10 18:02
Modified
2024-08-04 23:03
Severity ?
CWE
  • MITM
Summary
A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework versions prior to 6.0.
Impacted products


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:03:31.461Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.netiq.com/documentation/advanced-authentication-60/advanced-authentication-releasenotes-60/data/advanced-authentication-releasenotes-60.html#t49vfiy1udvg"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NetIQ Advanced Authentication Framework",
          "vendor": "Micro Focus",
          "versions": [
            {
              "status": "affected",
              "version": "Versions prior to 6.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework versions prior to 6.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "MITM",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T16:15:49",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.netiq.com/documentation/advanced-authentication-60/advanced-authentication-releasenotes-60/data/advanced-authentication-releasenotes-60.html#t49vfiy1udvg"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "ID": "CVE-2019-11650",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NetIQ Advanced Authentication Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions prior to 6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Micro Focus"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework versions prior to 6.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "MITM"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.netiq.com/documentation/advanced-authentication-60/advanced-authentication-releasenotes-60/data/advanced-authentication-releasenotes-60.html#t49vfiy1udvg",
              "refsource": "CONFIRM",
              "url": "https://www.netiq.com/documentation/advanced-authentication-60/advanced-authentication-releasenotes-60/data/advanced-authentication-releasenotes-60.html#t49vfiy1udvg"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2019-11650",
    "datePublished": "2019-07-10T18:02:45",
    "dateReserved": "2019-05-01T00:00:00",
    "dateUpdated": "2024-08-04T23:03:31.461Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-38120 (GCVE-0-2021-38120)
Vulnerability from cvelistv5
Published
2024-08-28 06:28
Modified
2024-08-28 13:32
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Summary
A vulnerability was identified in Advance Authentication that allows Bash command injection in the administrator-controlled backup functionality, due to improper handling of the provided command parameters. This issue affects NetIQ Advance Authentication versions before 6.3.5.1.
Impacted products


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-38120",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-28T13:19:09.339664Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T13:32:17.979Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "NetIQ Advance Authentication",
          "vendor": "OpenText",
          "versions": [
            {
              "lessThan": "\u003c",
              "status": "affected",
              "version": "6.3.5.1",
              "versionType": "server"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper\nhandling in \u003ci\u003eprovided\u0026nbsp;\u003c/i\u003ecommand parameters. \u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects NetIQ Advance Authentication version before 6.3.5.1.\u003c/span\u003e"
            }
          ],
          "value": "A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper\nhandling in provided\u00a0command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-253",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-253 Remote Code Inclusion"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-28T06:28:55.684Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "OpenText"
      },
      "references": [
        {
          "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Remote Code Execution using Bash command Injection in backup scheduling functionality in NetIQ Advance Authentication",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "OpenText",
    "cveId": "CVE-2021-38120",
    "datePublished": "2024-08-28T06:28:55.684Z",
    "dateReserved": "2021-08-04T20:57:01.489Z",
    "dateUpdated": "2024-08-28T13:32:17.979Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-38753 (GCVE-0-2022-38753)
Vulnerability from cvelistv5
Published
2022-11-28 00:00
Modified
2025-04-25 20:21
CWE
  • MFA Factor Authentication bypass
Summary
This update resolves a multi-factor authentication bypass attack
Impacted products
Vendor Product Version
n/a NetIQ Advanced Authentication Version: NetIQ Advanced Authentication versions prior to 6.4 SP1


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T11:02:14.571Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.netiq.com/documentation/advanced-authentication-64/advanced-authentication-releasenotes-641/data/advanced-authentication-releasenotes-641.html#t4g4mvd1yivo"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-38753",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-25T20:20:41.639595Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-25T20:21:27.518Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NetIQ Advanced Authentication",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "NetIQ Advanced Authentication versions prior to 6.4 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This update resolves a multi-factor authentication bypass attack"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "MFA Factor Authentication bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-10T00:00:00.000Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "url": "https://www.netiq.com/documentation/advanced-authentication-64/advanced-authentication-releasenotes-641/data/advanced-authentication-releasenotes-641.html#t4g4mvd1yivo"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2022-38753",
    "datePublished": "2022-11-28T00:00:00.000Z",
    "dateReserved": "2022-08-25T00:00:00.000Z",
    "dateUpdated": "2025-04-25T20:21:27.518Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-22529 (GCVE-0-2021-22529)
Vulnerability from cvelistv5
Published
2024-08-28 06:29
Modified
2024-08-28 13:31
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
A vulnerability was identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication versions before 6.3.5.1.
Impacted products


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "netiq_advanced_authentication",
            "vendor": "microfocus",
            "versions": [
              {
                "lessThan": "6.3.5.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-22529",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-28T13:31:07.835573Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T13:31:13.264Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "NetIQ Advance Authentication",
          "vendor": "OpenText",
          "versions": [
            {
              "lessThan": "\u003c",
              "status": "affected",
              "version": "6.3.5.1",
              "versionType": "server"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication version before 6.3.5.1\u003cbr\u003e"
            }
          ],
          "value": "A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication version before 6.3.5.1"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-410",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-410 Information Elicitation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-28T06:29:33.325Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "OpenText"
      },
      "references": [
        {
          "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Sensitive Data Exposure leaks potential information in NetIQ Advance Authentication",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "OpenText",
    "cveId": "CVE-2021-22529",
    "datePublished": "2024-08-28T06:29:33.325Z",
    "dateReserved": "2021-01-05T18:14:04.352Z",
    "dateUpdated": "2024-08-28T13:31:13.264Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-22509 (GCVE-0-2021-22509)
Vulnerability from cvelistv5
Published
2024-08-28 06:29
Modified
2024-08-28 13:31
CWE
  • CWE-312 - Cleartext Storage of Sensitive Information
Summary
A vulnerability was identified in how Advance Authentication stores and reuses information. This issue can lead to leakage of sensitive data to an unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1.
Impacted products


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "netiq_advanced_authentication",
            "vendor": "microfocus",
            "versions": [
              {
                "lessThan": "6.3.5.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-22509",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-28T13:31:35.510887Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T13:31:40.778Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux",
            "Windows",
            "MacOS"
          ],
          "product": "NetIQ Advance Authentication",
          "vendor": "OpenText",
          "versions": [
            {
              "lessThan": "\u003c",
              "status": "affected",
              "version": "6.3.5.1",
              "versionType": "server"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1\u003cbr\u003e"
            }
          ],
          "value": "A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-191",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-191 Read Sensitive Constants Within an Executable"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-312",
              "description": "CWE-312 Cleartext Storage of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-28T06:29:42.838Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "OpenText"
      },
      "references": [
        {
          "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Handling of sensitive data in process memory in NetIQ Advance Authentication",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "OpenText",
    "cveId": "CVE-2021-22509",
    "datePublished": "2024-08-28T06:29:42.838Z",
    "dateReserved": "2021-01-05T18:14:04.349Z",
    "dateUpdated": "2024-08-28T13:31:40.778Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-22497 (GCVE-0-2021-22497)
Vulnerability from cvelistv5
Published
2021-04-12 20:53
Modified
2024-09-16 18:49
CWE
  • Broken Authentication & Improper Session Management
Summary
Advanced Authentication versions prior to 6.3 SP4 have a potential broken-authentication issue due to improper session management.
Impacted products
Vendor Product Version
Micro Focus Advanced Authentication Version: Advanced Authentication   < 6.3 SP4


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:44:13.711Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-634/data/advanced-authentication-releasenotes-634.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "All"
          ],
          "product": "Advanced Authentication",
          "vendor": "Micro Focus",
          "versions": [
            {
              "lessThan": "6.3 SP4",
              "status": "affected",
              "version": "Advanced Authentication",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "We would like to offer a special thank you to Syed Sohaib Karim \u003csyedsohaibkarim@gmail.com for responsibly disclosing this vulnerability to us."
        }
      ],
      "datePublic": "2021-04-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Broken Authentication \u0026 Improper Session Management",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-12T20:53:20",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-634/data/advanced-authentication-releasenotes-634.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Advanced Authentication Improper Session Management",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "DATE_PUBLIC": "2021-04-02T05:00:00.000Z",
          "ID": "CVE-2021-22497",
          "STATE": "PUBLIC",
          "TITLE": "Advanced Authentication Improper Session Management"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Advanced Authentication",
                      "version": {
                        "version_data": [
                          {
                            "platform": "All",
                            "version_affected": "\u003c",
                            "version_name": "Advanced Authentication",
                            "version_value": "6.3 SP4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Micro Focus"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "We would like to offer a special thank you to Syed Sohaib Karim \u003csyedsohaibkarim@gmail.com for responsibly disclosing this vulnerability to us."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Broken Authentication \u0026 Improper Session Management"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-634/data/advanced-authentication-releasenotes-634.html",
              "refsource": "CONFIRM",
              "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-634/data/advanced-authentication-releasenotes-634.html"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2021-22497",
    "datePublished": "2021-04-12T20:53:20.743349Z",
    "dateReserved": "2021-01-05T00:00:00",
    "dateUpdated": "2024-09-16T18:49:16.692Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-22515 (GCVE-0-2021-22515)
Vulnerability from cvelistv5
Published
2021-07-12 10:04
Modified
2024-09-17 02:36
CWE
  • Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication.
Summary
Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1.
Impacted products
Vendor Product Version
Micro Focus NetIQ Advanced Authentication Version: NetIQ Advanced Authentication   < 6.3 SP4 Patch 1


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:44:14.053Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6341/data/advanced-authentication-releasenotes-6341.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NetIQ Advanced Authentication",
          "vendor": "Micro Focus",
          "versions": [
            {
              "lessThan": "6.3 SP4 Patch 1",
              "status": "affected",
              "version": "NetIQ Advanced Authentication",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-04-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-12T10:04:15",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6341/data/advanced-authentication-releasenotes-6341.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to NetIQ Advanced Authentication Framework 6.3 SP4 Patch 1"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multi-Factor Authentication (MFA) downgrade exposure in NetIQ Advanced Authentication Server",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "DATE_PUBLIC": "2021-04-29T16:40:00.000Z",
          "ID": "CVE-2021-22515",
          "STATE": "PUBLIC",
          "TITLE": "Multi-Factor Authentication (MFA) downgrade exposure in NetIQ Advanced Authentication Server"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NetIQ Advanced Authentication",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "NetIQ Advanced Authentication",
                            "version_value": "6.3 SP4 Patch 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Micro Focus"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6341/data/advanced-authentication-releasenotes-6341.html",
              "refsource": "CONFIRM",
              "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6341/data/advanced-authentication-releasenotes-6341.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to NetIQ Advanced Authentication Framework 6.3 SP4 Patch 1"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2021-22515",
    "datePublished": "2021-07-12T10:04:15.162932Z",
    "dateReserved": "2021-01-05T00:00:00",
    "dateUpdated": "2024-09-17T02:36:27.218Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-38122 (GCVE-0-2021-38122)
Vulnerability from cvelistv5
Published
2024-08-28 06:28
Modified
2024-08-28 13:32
CWE
  • CWE-20 - Improper Input Validation
Summary
A Cross-Site Scripting vulnerability was identified in NetIQ Advance Authentication that impacts the server functionality and discloses sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1.
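Impacted products
Note: in the CNA `affected` entry of the record below, `lessThan` holds "<" and `version` holds "6.3.5.1", so the two fields appear to be swapped. Per the summary, the affected range is versions before 6.3.5.1; tools that match on `lessThan` may not pick this entry up.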


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-38122",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-28T13:18:55.102223Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T13:32:46.172Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "NetIQ Advance Authentication",
          "vendor": "OpenText",
          "versions": [
            {
              "lessThan": "\u003c",
              "status": "affected",
              "version": "6.3.5.1",
              "versionType": "server"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information.\u003cbr\u003eThis issue affects NetIQ Advance Authentication before 6.3.5.1\u003cbr\u003e"
            }
          ],
          "value": "A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information.\nThis issue affects NetIQ Advance Authentication before 6.3.5.1"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-63",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-63 Cross-Site Scripting (XSS)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-28T06:28:29.654Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "OpenText"
      },
      "references": [
        {
          "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Cross-Site Scripting (XSS) in Advance Authentication",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "OpenText",
    "cveId": "CVE-2021-38122",
    "datePublished": "2024-08-28T06:28:29.654Z",
    "dateReserved": "2021-08-04T20:57:01.489Z",
    "dateUpdated": "2024-08-28T13:32:46.172Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-38121 (GCVE-0-2021-38121)
Vulnerability from cvelistv5
Published
2024-08-28 06:28
Modified
2024-08-28 13:29
CWE
  • CWE-326 - Inadequate Encryption Strength
Summary
An insufficient or weak TLS protocol version was identified in Advance Authentication client-server communication when a specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1.
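Impacted products
Note: in the CNA `affected` entry of the record below, `lessThan` holds "<" and `version` holds "6.3.5.1", so the two fields appear to be swapped. The CISA ADP container in the same record gives the range as `lessThan` 6.3.5.1 (semver, starting at version 0), which agrees with the summary.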


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "netiq_advanced_authentication",
            "vendor": "microfocus",
            "versions": [
              {
                "lessThan": "6.3.5.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-38121",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-28T13:28:39.335154Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T13:29:45.226Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows",
            "Linux",
            "MacOS"
          ],
          "product": "NetIQ Advance Authentication",
          "vendor": "OpenText",
          "versions": [
            {
              "lessThan": "\u003c",
              "status": "affected",
              "version": "6.3.5.1",
              "versionType": "server"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices.\u0026nbsp; This issue affects NetIQ Advance Authentication versions before 6.3.5.1\u003cbr\u003e"
            }
          ],
          "value": "Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices.\u00a0 This issue affects NetIQ Advance Authentication versions before 6.3.5.1"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-217",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-217 Exploiting Incorrectly Configured SSL/TLS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-326",
              "description": "CWE-326 Inadequate Encryption Strength",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-28T06:28:43.452Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "OpenText"
      },
      "references": [
        {
          "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Weak communication protocol identified in Advance Authentication client application",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "OpenText",
    "cveId": "CVE-2021-38121",
    "datePublished": "2024-08-28T06:28:43.452Z",
    "dateReserved": "2021-08-04T20:57:01.489Z",
    "dateUpdated": "2024-08-28T13:29:45.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-24468 (GCVE-0-2023-24468)
Vulnerability from cvelistv5
Published
2023-03-15 00:00
Modified
2025-02-27 14:45
Severity ?
CWE
  • Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2
Summary
Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2
Impacted products
Vendor Product Version
n/a NetIQ Advanced Authentication Version: versions prior to 6.4.1.1 and 6.3.7.2


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:56:04.192Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6372/data/advanced-authentication-releasenotes-6372.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.netiq.com/documentation/advanced-authentication-64/advanced-authentication-releasenotes-6411/data/advanced-authentication-releasenotes-6411.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-24468",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-27T14:44:14.484104Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T14:45:24.555Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NetIQ Advanced Authentication",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "versions prior to 6.4.1.1 and 6.3.7.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-15T00:00:00.000Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6372/data/advanced-authentication-releasenotes-6372.html"
        },
        {
          "url": "https://www.netiq.com/documentation/advanced-authentication-64/advanced-authentication-releasenotes-6411/data/advanced-authentication-releasenotes-6411.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2023-24468",
    "datePublished": "2023-03-15T00:00:00.000Z",
    "dateReserved": "2023-01-23T00:00:00.000Z",
    "dateUpdated": "2025-02-27T14:45:24.555Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2024-08-28 07:15
Modified
2024-09-13 18:05
Summary
A vulnerability was identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to an unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8BAEC8-626A-4520-A89F-DB40CC774D87",
              "versionEndExcluding": "6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "689649F7-75D8-4D13-9A71-50C2908EACA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A0F82417-D88A-40C5-AD90-7AB826E29C2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0DD98BB8-7A85-41D6-B1CB-7849D61F085A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "729C4860-8CAC-4D4B-8C68-00B1E84E700A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "FEFFEB38-B4CA-48ED-9149-073334346CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1:*:*:*:*:*:*",
              "matchCriteriaId": "B14AC9B7-9339-44BA-BF1B-1876DAFBCA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "4A5CE16C-376A-40C1-83E9-2424AAAB668D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1"
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad identificada en el almacenamiento y reutilizaci\u00f3n de informaci\u00f3n en Autenticaci\u00f3n Avanzada. Este problema puede provocar la filtraci\u00f3n de datos confidenciales a usuarios no autorizados. El problema afecta a la autenticaci\u00f3n avanzada de NetIQ anterior a 6.3.5.1"
    }
  ],
  "id": "CVE-2021-22509",
  "lastModified": "2024-09-13T18:05:11.483",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 6.0,
        "source": "security@opentext.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-28T07:15:04.753",
  "references": [
    {
      "source": "security@opentext.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-312"
        }
      ],
      "source": "security@opentext.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-312"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-08-28 07:15
Modified
2024-09-13 18:03
Summary
A cross-site scripting vulnerability identified in NetIQ Advanced Authentication impacts server functionality and discloses sensitive information. This issue affects NetIQ Advanced Authentication before 6.3.5.1.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8BAEC8-626A-4520-A89F-DB40CC774D87",
              "versionEndExcluding": "6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "689649F7-75D8-4D13-9A71-50C2908EACA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A0F82417-D88A-40C5-AD90-7AB826E29C2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0DD98BB8-7A85-41D6-B1CB-7849D61F085A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "729C4860-8CAC-4D4B-8C68-00B1E84E700A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "FEFFEB38-B4CA-48ED-9149-073334346CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1:*:*:*:*:*:*",
              "matchCriteriaId": "B14AC9B7-9339-44BA-BF1B-1876DAFBCA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "4A5CE16C-376A-40C1-83E9-2424AAAB668D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information.\nThis issue affects NetIQ Advance Authentication before 6.3.5.1"
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de cross site scripting identificada en la autenticaci\u00f3n avanzada de NetIQ que afecta la funcionalidad del servidor y revela informaci\u00f3n confidencial. Este problema afecta a la autenticaci\u00f3n avanzada de NetIQ anterior a 6.3.5.1"
    }
  ],
  "id": "CVE-2021-38122",
  "lastModified": "2024-09-13T18:03:49.527",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 4.7,
        "source": "security@opentext.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-28T07:15:08.300",
  "references": [
    {
      "source": "security@opentext.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "security@opentext.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-11-28 22:15
Modified
2025-04-25 21:15
Summary
This update resolves a multi-factor authentication bypass vulnerability.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "80583BBA-72B3-46E7-AD90-F6041EE6C82B",
              "versionEndExcluding": "6.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "BB6165FC-DC61-4354-9769-5BE769BB5313",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This update resolves a multi-factor authentication bypass attack"
    },
    {
      "lang": "es",
      "value": "Esta actualizaci\u00f3n resuelve un ataque de omisi\u00f3n de autenticaci\u00f3n multifactor"
    }
  ],
  "id": "CVE-2022-38753",
  "lastModified": "2025-04-25T21:15:33.980",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-11-28T22:15:10.723",
  "references": [
    {
      "source": "security@opentext.com",
      "url": "https://www.netiq.com/documentation/advanced-authentication-64/advanced-authentication-releasenotes-641/data/advanced-authentication-releasenotes-641.html#t4g4mvd1yivo"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.netiq.com/documentation/advanced-authentication-64/advanced-authentication-releasenotes-641/data/advanced-authentication-releasenotes-641.html#t4g4mvd1yivo"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-04-12 21:15
Modified
2024-11-21 05:50
Summary
Advanced Authentication versions prior to 6.3 SP4 have a potential broken-authentication issue caused by improper session management.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8BAEC8-626A-4520-A89F-DB40CC774D87",
              "versionEndExcluding": "6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "689649F7-75D8-4D13-9A71-50C2908EACA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A0F82417-D88A-40C5-AD90-7AB826E29C2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0DD98BB8-7A85-41D6-B1CB-7849D61F085A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "729C4860-8CAC-4D4B-8C68-00B1E84E700A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue."
    },
    {
      "lang": "es",
      "value": "Advanced Authentication versiones anteriores a 6.3, SP4, presentan una posible autenticaci\u00f3n rota debido a un problema de administraci\u00f3n de sesi\u00f3n inapropiada"
    }
  ],
  "id": "CVE-2021-22497",
  "lastModified": "2024-11-21T05:50:13.760",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.8,
          "baseSeverity": "LOW",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.2,
        "impactScore": 3.6,
        "source": "security@opentext.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-12T21:15:14.123",
  "references": [
    {
      "source": "security@opentext.com",
      "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-634/data/advanced-authentication-releasenotes-634.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-634/data/advanced-authentication-releasenotes-634.html"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-07-10 19:15
Modified
2024-11-21 04:21
Summary
A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework versions prior to 6.0.
Impacted products
Vendor Product Version
microfocus netiq_advanced_authentication *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C58F5871-2FFB-4B21-85A2-ABDBEC49DE67",
              "versionEndExcluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework versions prior to 6.0."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un potencial ataque de tipo Man in the Middle (MITM) en NetIQ Advanced Authentication Framework versiones anteriores a 6.0."
    }
  ],
  "id": "CVE-2019-11650",
  "lastModified": "2024-11-21T04:21:31.830",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-10T19:15:10.453",
  "references": [
    {
      "source": "security@opentext.com",
      "url": "https://www.netiq.com/documentation/advanced-authentication-60/advanced-authentication-releasenotes-60/data/advanced-authentication-releasenotes-60.html#t49vfiy1udvg"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.netiq.com/documentation/advanced-authentication-60/advanced-authentication-releasenotes-60/data/advanced-authentication-releasenotes-60.html#t49vfiy1udvg"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-03-15 23:15
Modified
2025-05-16 20:22
Severity ?
Summary
Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8BAEC8-626A-4520-A89F-DB40CC774D87",
              "versionEndExcluding": "6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "689649F7-75D8-4D13-9A71-50C2908EACA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A0F82417-D88A-40C5-AD90-7AB826E29C2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0DD98BB8-7A85-41D6-B1CB-7849D61F085A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "729C4860-8CAC-4D4B-8C68-00B1E84E700A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "FEFFEB38-B4CA-48ED-9149-073334346CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1:*:*:*:*:*:*",
              "matchCriteriaId": "B14AC9B7-9339-44BA-BF1B-1876DAFBCA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "4A5CE16C-376A-40C1-83E9-2424AAAB668D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5_patch1:*:*:*:*:*:*",
              "matchCriteriaId": "B693A40C-E75F-4937-9500-7068947120A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5_patch2:*:*:*:*:*:*",
              "matchCriteriaId": "5A6F0324-EF27-4C0E-B737-5F7998A1D555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "3396CE81-7FB7-4354-B8C8-5206222F2D98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp6_patch1:*:*:*:*:*:*",
              "matchCriteriaId": "7A25944E-674C-4D84-9F3E-F357DB784153",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "D0BEF722-A582-400C-8696-0CA0A5ABCA46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "BB6165FC-DC61-4354-9769-5BE769BB5313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.4:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2B35521A-8FD6-49D2-9BAD-CC2937C68F3C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2"
    }
  ],
  "id": "CVE-2023-24468",
  "lastModified": "2025-05-16T20:22:52.280",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-15T23:15:09.563",
  "references": [
    {
      "source": "security@opentext.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6372/data/advanced-authentication-releasenotes-6372.html"
    },
    {
      "source": "security@opentext.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.netiq.com/documentation/advanced-authentication-64/advanced-authentication-releasenotes-6411/data/advanced-authentication-releasenotes-6411.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6372/data/advanced-authentication-releasenotes-6372.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.netiq.com/documentation/advanced-authentication-64/advanced-authentication-releasenotes-6411/data/advanced-authentication-releasenotes-6411.html"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-08-28 07:15
Modified
2024-09-13 18:04
Summary
A vulnerability identified in Advanced Authentication allows bash command injection in the administrator-controlled backup functionality due to improper handling of the provided command parameters. This issue affects NetIQ Advanced Authentication versions before 6.3.5.1.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8BAEC8-626A-4520-A89F-DB40CC774D87",
              "versionEndExcluding": "6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "689649F7-75D8-4D13-9A71-50C2908EACA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A0F82417-D88A-40C5-AD90-7AB826E29C2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0DD98BB8-7A85-41D6-B1CB-7849D61F085A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "729C4860-8CAC-4D4B-8C68-00B1E84E700A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "FEFFEB38-B4CA-48ED-9149-073334346CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1:*:*:*:*:*:*",
              "matchCriteriaId": "B14AC9B7-9339-44BA-BF1B-1876DAFBCA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "4A5CE16C-376A-40C1-83E9-2424AAAB668D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper\nhandling in provided\u00a0command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad identificada en la autenticaci\u00f3n avanzada que permite la inyecci\u00f3n de comandos bash en la funcionalidad de copia de seguridad controlada administrativamente debido a un manejo inadecuado de los par\u00e1metros de comando proporcionados. Este problema afecta a la versi\u00f3n de autenticaci\u00f3n avanzada de NetIQ anterior a la 6.3.5.1."
    }
  ],
  "id": "CVE-2021-38120",
  "lastModified": "2024-09-13T18:04:28.527",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 0.3,
        "impactScore": 4.7,
        "source": "security@opentext.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-28T07:15:07.303",
  "references": [
    {
      "source": "security@opentext.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "security@opentext.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-08-28 07:15
Modified
2024-09-13 18:03
Summary
A vulnerability identified in NetIQ Advanced Authentication leaks sensitive server information. This issue affects NetIQ Advanced Authentication versions before 6.3.5.1.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8BAEC8-626A-4520-A89F-DB40CC774D87",
              "versionEndExcluding": "6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "689649F7-75D8-4D13-9A71-50C2908EACA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A0F82417-D88A-40C5-AD90-7AB826E29C2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0DD98BB8-7A85-41D6-B1CB-7849D61F085A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "729C4860-8CAC-4D4B-8C68-00B1E84E700A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "FEFFEB38-B4CA-48ED-9149-073334346CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1:*:*:*:*:*:*",
              "matchCriteriaId": "B14AC9B7-9339-44BA-BF1B-1876DAFBCA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "4A5CE16C-376A-40C1-83E9-2424AAAB668D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication version before 6.3.5.1"
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad identificada en la autenticaci\u00f3n avanzada de NetIQ que filtra informaci\u00f3n confidencial del servidor. Este problema afecta a la versi\u00f3n de autenticaci\u00f3n avanzada de NetIQ anterior a 6.3.5.1"
    }
  ],
  "id": "CVE-2021-22529",
  "lastModified": "2024-09-13T18:03:12.930",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.3,
        "impactScore": 5.9,
        "source": "security@opentext.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-28T07:15:06.223",
  "references": [
    {
      "source": "security@opentext.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "security@opentext.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-08-28 07:15
Modified
2024-09-13 18:04
Summary
An insufficient or weak TLS protocol version was identified in Advanced Authentication client-server communication when a specific service is accessed between devices. This issue affects NetIQ Advanced Authentication versions before 6.3.5.1.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8BAEC8-626A-4520-A89F-DB40CC774D87",
              "versionEndExcluding": "6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "689649F7-75D8-4D13-9A71-50C2908EACA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A0F82417-D88A-40C5-AD90-7AB826E29C2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0DD98BB8-7A85-41D6-B1CB-7849D61F085A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "729C4860-8CAC-4D4B-8C68-00B1E84E700A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "FEFFEB38-B4CA-48ED-9149-073334346CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1:*:*:*:*:*:*",
              "matchCriteriaId": "B14AC9B7-9339-44BA-BF1B-1876DAFBCA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "4A5CE16C-376A-40C1-83E9-2424AAAB668D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices.\u00a0 This issue affects NetIQ Advance Authentication versions before 6.3.5.1"
    },
    {
      "lang": "es",
      "value": "Se identifica una versi\u00f3n del protocolo TLS insuficiente o d\u00e9bil en la comunicaci\u00f3n del servidor del cliente de autenticaci\u00f3n avanzada cuando se accede a un servicio espec\u00edfico entre dispositivos. Este problema afecta a las versiones de autenticaci\u00f3n avanzada de NetIQ anteriores a la 6.3.5.1"
    }
  ],
  "id": "CVE-2021-38121",
  "lastModified": "2024-09-13T18:04:16.260",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 6.0,
        "source": "security@opentext.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-28T07:15:07.807",
  "references": [
    {
      "source": "security@opentext.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ],
      "source": "security@opentext.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-07-12 11:15
Modified
2024-11-21 05:50
Summary
Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8BAEC8-626A-4520-A89F-DB40CC774D87",
              "versionEndExcluding": "6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "689649F7-75D8-4D13-9A71-50C2908EACA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A0F82417-D88A-40C5-AD90-7AB826E29C2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0DD98BB8-7A85-41D6-B1CB-7849D61F085A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "729C4860-8CAC-4D4B-8C68-00B1E84E700A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "FEFFEB38-B4CA-48ED-9149-073334346CA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1."
    },
    {
      "lang": "es",
      "value": "Una funcionalidad de Autenticaci\u00f3n Multifactor (MFA) puede ser omitida, permitiendo el uso de la autenticaci\u00f3n de un solo factor en  NetIQ Advanced Authentication versiones anteriores a 6.3 SP4 Parche 1"
    }
  ],
  "id": "CVE-2021-22515",
  "lastModified": "2024-11-21T05:50:15.703",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "security@opentext.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-12T11:15:07.713",
  "references": [
    {
      "source": "security@opentext.com",
      "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6341/data/advanced-authentication-releasenotes-6341.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6341/data/advanced-authentication-releasenotes-6341.html"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-08-28 07:15
Modified
2024-09-13 17:15
Summary
A vulnerability was identified in NetIQ Advanced Authentication: account lockout is not enforced when a brute-force attack is performed on API-based login. This issue may lead to user account compromise if the attack succeeds, or may impact server performance. It affects all NetIQ Advanced Authentication versions before 6.3.5.1.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8BAEC8-626A-4520-A89F-DB40CC774D87",
              "versionEndExcluding": "6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "689649F7-75D8-4D13-9A71-50C2908EACA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A0F82417-D88A-40C5-AD90-7AB826E29C2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0DD98BB8-7A85-41D6-B1CB-7849D61F085A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "729C4860-8CAC-4D4B-8C68-00B1E84E700A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "FEFFEB38-B4CA-48ED-9149-073334346CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1:*:*:*:*:*:*",
              "matchCriteriaId": "B14AC9B7-9339-44BA-BF1B-1876DAFBCA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "4A5CE16C-376A-40C1-83E9-2424AAAB668D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability identified in NetIQ Advance Authentication that doesn\u0027t enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1"
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad identificada en la autenticaci\u00f3n avanzada de NetIQ que no aplica el bloqueo de cuenta cuando se realiza un ataque de fuerza bruta en el inicio de sesi\u00f3n basado en API. Este problema puede comprometer la cuenta del usuario si tiene \u00e9xito o puede afectar el rendimiento del servidor. Este problema afecta a toda la autenticaci\u00f3n avanzada de NetIQ anterior a 6.3.5.1"
    }
  ],
  "id": "CVE-2021-22530",
  "lastModified": "2024-09-13T17:15:29.670",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.3,
        "source": "security@opentext.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 9.9,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.3,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-28T07:15:06.750",
  "references": [
    {
      "source": "security@opentext.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-667"
        }
      ],
      "source": "security@opentext.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-307"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}