Lucene search
K
MicrofocusNetiq Advanced Authentication

11 matches found

CVE
CVE
added 2019/07/10 6:2 p.m.130 views

CVE-2019-11650

CVE-2019-11650 concerns NetIQ Advanced Authentication Framework. The affected product is NetIQ Advanced Authentication Framework, with MITM vulnerability reported in versions prior to 6.0. The root cause and specifics beyond the affected version range aren’t detailed in the provided documents. Th...

5.9CVSS5.7AI score0.00819EPSS
CVE
CVE
added 2023/03/15 12:0 a.m.107 views

CVE-2023-24468

CVE-2023-24468 affects NetIQ Advanced Authentication. The issue is broken access control in versions prior to 6.4.1.1 and 6.3.7.2. The NVD entry assigns a CVSS v3.1 base score of 9.8 (CRITICAL) with NETWORK attack vector, no user interaction, and high impact on confidentiality, integrity, and ava...

9.8CVSS9.3AI score0.00863EPSS
CVE
CVE
added 2024/08/28 6:29 a.m.80 views

CVE-2021-22530

CVE-2021-22530 affects NetIQ Advance Authentication and describes a brute-force risk on the API login that does not enforce account lockout. Affected are versions prior to 6.3.5.1. Potential impact includes user account compromise and possible server performance degradation. Remediation per the c...

9.9CVSS8.2AI score0.00215EPSS
CVE
CVE
added 2022/11/28 12:0 a.m.66 views

CVE-2022-38753

CVE-2022-38753 corresponds to a multi-factor authentication bypass affecting NetIQ Advanced Authentication. Connected documents corroborate a vendor update resolving the MFA bypass, but no explicit affected versions or patch details are provided in the supplied materials. NVD/Red Hat entries list...

6.3CVSS6.5AI score0.00468EPSS
CVE
CVE
added 2024/08/28 6:29 a.m.64 views

CVE-2021-22529

NetIQ Advance Authentication contains a vulnerability that leaks sensitive server information in versions before 6.3.5.1. Multiple connected sources (Red Hat, CNVD/CNNVD, PT-2024-10883) corroborate that the issue affects NetIQ Advance Authentication prior to 6.3.5.1 and recommends upgrading to ve...

6.3CVSS6.4AI score0.00158EPSS
CVE
CVE
added 2021/04/12 8:53 p.m.58 views

CVE-2021-22497

CVE-2021-22497 affects Advanced Authentication versions prior to 6.3 SP4 . The underlying issue is an improper session management that can lead to a potential broken authentication . According to the provided metrics, the CVSS v3.1 base score is 7.2 (HIGH) with a network attack vector and low att...

7.2CVSS5.6AI score0.00761EPSS
CVE
CVE
added 2024/08/28 6:28 a.m.57 views

CVE-2021-38121

NetIQ Advance Authentication is affected by a weakness in the TLS protocol version used in client–server communications when accessing a specific service. Affected versions are prior to 6.3.5.1. The root cause is described only as an insufficient or weak TLS version; detailed technical mechanics ...

8.8CVSS8.5AI score0.00178EPSS
CVE
CVE
added 2024/08/28 6:29 a.m.52 views

CVE-2021-22509

NetIQ Advance Authentication contains an information disclosure vulnerability (CVE-2021-22509) affecting versions prior to 6.3.5.1. The issue stems from storing and reusing sensitive data in the authentication process, which can lead to leakage to unauthorized users. Impact is described as inform...

8.1CVSS7.9AI score0.002EPSS
CVE
CVE
added 2024/08/28 6:28 a.m.52 views

CVE-2021-38122

NetIQ Advance Authentication is affected by a Cross-Site Scripting (XSS) vulnerability affecting versions prior to 6.3.5.1. The issue enables execution of arbitrary scripts via unfiltered user input, impacting server functionality and potentially exposing sensitive data. Affected component is the...

8.2CVSS6.2AI score0.00272EPSS
CVE
CVE
added 2021/07/12 10:4 a.m.51 views

CVE-2021-22515

NetIQ Advanced Authentication MFA can be bypassed, allowing single-factor authentication in versions prior to 6.3 SP4 Patch 1. The vulnerability affects the MFA flow and could enable unauthorized access when MFA is expected. Public advisories reference NetIQ’s release of updates in 6.3 SP4 Patch ...

6.5CVSS5.8AI score0.00685EPSS
CVE
CVE
added 2024/08/28 6:28 a.m.50 views

CVE-2021-38120

Summary (concrete details from connected docs): NetIQ Advance Authentication versions prior to 6.3.5.1 are affected by a Bash command injection vulnerability in the administrative backup functionality caused by improper handling of provided command parameters. A fixed release is 6.3.5.1. Recommen...

7.2CVSS5.6AI score0.00518EPSS