Lucene search

[email protected]NVD:CVE-2021-38120

HistoryAug 28, 2024 - 7:15 a.m.

CVE-2021-38120

2024-08-2807:15:07

CWE-77

[email protected]

web.nvd.nist.gov

vulnerability

advance authentication

admin-controlled

backup

command injection

netiq

cve-2021-38120

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

19.6%

JSON

A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper
handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1.

Affected configurations

Nvd

Node

microfocusnetiq_advanced_authenticationRange<6.3

microfocusnetiq_advanced_authenticationMatch6.3-

microfocusnetiq_advanced_authenticationMatch6.3sp1

microfocusnetiq_advanced_authenticationMatch6.3sp2

microfocusnetiq_advanced_authenticationMatch6.3sp3

microfocusnetiq_advanced_authenticationMatch6.3sp4

microfocusnetiq_advanced_authenticationMatch6.3sp4_patch1

microfocusnetiq_advanced_authenticationMatch6.3sp5

VendorProductVersionCPE
microfocusnetiq_advanced_authentication*cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*
microfocusnetiq_advanced_authentication6.3cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-:*:*:*:*:*:*
microfocusnetiq_advanced_authentication6.3cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1:*:*:*:*:*:*
microfocusnetiq_advanced_authentication6.3cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2:*:*:*:*:*:*
microfocusnetiq_advanced_authentication6.3cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3:*:*:*:*:*:*
microfocusnetiq_advanced_authentication6.3cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4:*:*:*:*:*:*
microfocusnetiq_advanced_authentication6.3cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1:*:*:*:*:*:*
microfocusnetiq_advanced_authentication6.3cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5:*:*:*:*:*:*

Vendor	Product	Version	CPE
microfocus	netiq_advanced_authentication	*	cpe:2.3:a:microfocus:netiq_advanced_authentication::::::::
microfocus	netiq_advanced_authentication	6.3	cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-::::::
microfocus	netiq_advanced_authentication	6.3	cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1::::::
microfocus	netiq_advanced_authentication	6.3	cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2::::::
microfocus	netiq_advanced_authentication	6.3	cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3::::::
microfocus	netiq_advanced_authentication	6.3	cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4::::::
microfocus	netiq_advanced_authentication	6.3	cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1::::::
microfocus	netiq_advanced_authentication	6.3	cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5::::::

References

www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

19.6%

JSON

Related for NVD:CVE-2021-38120

vulnrichment1 cvelist1 cve1