Lucene search

OpenTextCVELIST:CVE-2021-38121

HistoryAug 28, 2024 - 6:28 a.m.

CVE-2021-38121 Weak communication protocol identified in Advance Authentication client application

2024-08-2806:28:43

CWE-326

OpenText

www.cve.org

cve-2021-38121

netiq advance authentication

tls protocol

CVSS3

8.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

EPSS

0.001

Percentile

22.3%

JSON

Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "Linux",
      "MacOS"
    ],
    "product": "NetIQ Advance Authentication",
    "vendor": "OpenText",
    "versions": [
      {
        "lessThan": "<",
        "status": "affected",
        "version": "6.3.5.1",
        "versionType": "server"
      }
    ]
  }
]

References

www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html

CVSS3

8.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

EPSS

0.001

Percentile

22.3%

JSON

Related for CVELIST:CVE-2021-38121