CVE-2021-22509

A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microfocus:netiq_advanced_authentication::::::::
	cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-::::::
	cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1::::::
	cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2::::::
	cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3::::::
	cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4::::::
	cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1::::::
	cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5::::::

History

No history.

Information

Published : 2024-08-28 07:15

Updated : 2024-09-13 18:05

NVD link : CVE-2021-22509

Mitre link : CVE-2021-22509

CVE.ORG link : CVE-2021-22509

JSON object : View

Products Affected

microfocus

netiq_advanced_authentication

CWE

CWE-312

Cleartext Storage of Sensitive Information

{"id": "CVE-2021-22509", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@opentext.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-08-28T07:15:04.753", "references": [{"url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "security@opentext.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@opentext.com", "description": [{"lang": "en", "value": "CWE-312"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1"}, {"lang": "es", "value": "Una vulnerabilidad identificada en el almacenamiento y reutilizaci\u00f3n de informaci\u00f3n en Autenticaci\u00f3n Avanzada. Este problema puede provocar la filtraci\u00f3n de datos confidenciales a usuarios no autorizados. El problema afecta a la autenticaci\u00f3n avanzada de NetIQ anterior a 6.3.5.1"}], "lastModified": "2024-09-13T18:05:11.483", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D8BAEC8-626A-4520-A89F-DB40CC774D87", "versionEndExcluding": "6.3"}, {"criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "689649F7-75D8-4D13-9A71-50C2908EACA5"}, {"criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0F82417-D88A-40C5-AD90-7AB826E29C2D"}, {"criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DD98BB8-7A85-41D6-B1CB-7849D61F085A"}, {"criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "729C4860-8CAC-4D4B-8C68-00B1E84E700A"}, {"criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEFFEB38-B4CA-48ED-9149-073334346CA3"}, {"criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B14AC9B7-9339-44BA-BF1B-1876DAFBCA14"}, {"criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A5CE16C-376A-40C1-83E9-2424AAAB668D"}], "operator": "OR"}]}], "sourceIdentifier": "security@opentext.com"}