fkie_nvd - fkie_cve-2021-38120

fkie_cve-2021-38120

Vulnerability from fkie_nvd

Published

2024-08-28 07:15

Modified

2024-09-13 18:04

Severity ?

5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:L
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1.

References

▶	URL	Tags
	security@opentext.com	https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html	Release Notes

Impacted products

Vendor	Product	Version
microfocus	netiq_advanced_authentication	*
microfocus	netiq_advanced_authentication	6.3
microfocus	netiq_advanced_authentication	6.3
microfocus	netiq_advanced_authentication	6.3
microfocus	netiq_advanced_authentication	6.3
microfocus	netiq_advanced_authentication	6.3
microfocus	netiq_advanced_authentication	6.3
microfocus	netiq_advanced_authentication	6.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8BAEC8-626A-4520-A89F-DB40CC774D87",
              "versionEndExcluding": "6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "689649F7-75D8-4D13-9A71-50C2908EACA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A0F82417-D88A-40C5-AD90-7AB826E29C2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0DD98BB8-7A85-41D6-B1CB-7849D61F085A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "729C4860-8CAC-4D4B-8C68-00B1E84E700A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "FEFFEB38-B4CA-48ED-9149-073334346CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1:*:*:*:*:*:*",
              "matchCriteriaId": "B14AC9B7-9339-44BA-BF1B-1876DAFBCA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "4A5CE16C-376A-40C1-83E9-2424AAAB668D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper\nhandling in provided\u00a0command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad identificada en la autenticaci\u00f3n avanzada que permite la inyecci\u00f3n de comandos bash en la funcionalidad de copia de seguridad controlada administrativamente debido a un manejo inadecuado de los par\u00e1metros de comando proporcionados. Este problema afecta a la versi\u00f3n de autenticaci\u00f3n avanzada de NetIQ anterior a la 6.3.5.1."
    }
  ],
  "id": "CVE-2021-38120",
  "lastModified": "2024-09-13T18:04:28.527",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 0.3,
        "impactScore": 4.7,
        "source": "security@opentext.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-28T07:15:07.303",
  "references": [
    {
      "source": "security@opentext.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "security@opentext.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2021-38120 (GCVE-0-2021-38120)

Vulnerability from cvelistv5

Published

2024-08-28 06:28

Modified

2024-08-28 13:32

Severity ?

5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:L

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Summary

References

►

URL

Tags

https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html