Lucene search

OpenTextCVELIST:CVE-2021-22509

HistoryAug 28, 2024 - 6:29 a.m.

CVE-2021-22509 Handling of sensitive data in process memory in NetIQ Advance Authentication

2024-08-2806:29:42

CWE-312

OpenText

www.cve.org

cve-2021-22509

sensitive data

process memory

netiq advance authentication

leakage

unauthorized user

version 6.3.5.1

CVSS3

8.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

EPSS

0.001

Percentile

18.8%

JSON

A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux",
      "Windows",
      "MacOS"
    ],
    "product": "NetIQ Advance Authentication",
    "vendor": "OpenText",
    "versions": [
      {
        "lessThan": "<",
        "status": "affected",
        "version": "6.3.5.1",
        "versionType": "server"
      }
    ]
  }
]

References

www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html

CVSS3

8.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

EPSS

0.001

Percentile

18.8%

JSON

Related for CVELIST:CVE-2021-22509