Lucene search

OpenTextVULNRICHMENT:CVE-2021-22509

HistoryAug 28, 2024 - 6:29 a.m.

CVE-2021-22509 Handling of sensitive data in process memory in NetIQ Advance Authentication

2024-08-2806:29:42

CWE-312

OpenText

github.com

cve-2021-22509

sensitive data

process memory

leakage

unauthorized user

netiq advance authentication

CVSS3

8.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

18.8%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*"
    ],
    "vendor": "microfocus",
    "product": "netiq_advanced_authentication",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "6.3.5.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html

CVSS3

8.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

18.8%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2021-22509