11 matches found
CVE-2019-11650
CVE-2019-11650 concerns NetIQ Advanced Authentication Framework. The affected product is NetIQ Advanced Authentication Framework, with MITM vulnerability reported in versions prior to 6.0. The root cause and specifics beyond the affected version range aren’t detailed in the provided documents. Th...
CVE-2023-24468
CVE-2023-24468 affects NetIQ Advanced Authentication. The issue is broken access control in versions prior to 6.4.1.1 and 6.3.7.2. The NVD entry assigns a CVSS v3.1 base score of 9.8 (CRITICAL) with NETWORK attack vector, no user interaction, and high impact on confidentiality, integrity, and ava...
CVE-2021-22530
CVE-2021-22530 affects NetIQ Advance Authentication and describes a brute-force risk on the API login that does not enforce account lockout. Affected are versions prior to 6.3.5.1. Potential impact includes user account compromise and possible server performance degradation. Remediation per the c...
CVE-2022-38753
CVE-2022-38753 corresponds to a multi-factor authentication bypass affecting NetIQ Advanced Authentication. Connected documents corroborate a vendor update resolving the MFA bypass, but no explicit affected versions or patch details are provided in the supplied materials. NVD/Red Hat entries list...
CVE-2021-22529
NetIQ Advance Authentication contains a vulnerability that leaks sensitive server information in versions before 6.3.5.1. Multiple connected sources (Red Hat, CNVD/CNNVD, PT-2024-10883) corroborate that the issue affects NetIQ Advance Authentication prior to 6.3.5.1 and recommends upgrading to ve...
CVE-2021-22497
CVE-2021-22497 affects Advanced Authentication versions prior to 6.3 SP4 . The underlying issue is an improper session management that can lead to a potential broken authentication . According to the provided metrics, the CVSS v3.1 base score is 7.2 (HIGH) with a network attack vector and low att...
CVE-2021-38121
NetIQ Advance Authentication is affected by a weakness in the TLS protocol version used in client–server communications when accessing a specific service. Affected versions are prior to 6.3.5.1. The root cause is described only as an insufficient or weak TLS version; detailed technical mechanics ...
CVE-2021-22509
NetIQ Advance Authentication contains an information disclosure vulnerability (CVE-2021-22509) affecting versions prior to 6.3.5.1. The issue stems from storing and reusing sensitive data in the authentication process, which can lead to leakage to unauthorized users. Impact is described as inform...
CVE-2021-38122
NetIQ Advance Authentication is affected by a Cross-Site Scripting (XSS) vulnerability affecting versions prior to 6.3.5.1. The issue enables execution of arbitrary scripts via unfiltered user input, impacting server functionality and potentially exposing sensitive data. Affected component is the...
CVE-2021-22515
NetIQ Advanced Authentication MFA can be bypassed, allowing single-factor authentication in versions prior to 6.3 SP4 Patch 1. The vulnerability affects the MFA flow and could enable unauthorized access when MFA is expected. Public advisories reference NetIQ’s release of updates in 6.3 SP4 Patch ...
CVE-2021-38120
Summary (concrete details from connected docs): NetIQ Advance Authentication versions prior to 6.3.5.1 are affected by a Bash command injection vulnerability in the administrative backup functionality caused by improper handling of provided command parameters. A fixed release is 6.3.5.1. Recommen...