A vulnerability has been identified in NetIQ Advanced Authentication: it does not enforce account lockout when a brute-force attack is performed against the API-based login. A successful attack may lead to user account compromise, and the attack traffic may impact server performance. This issue affects all NetIQ Advanced Authentication versions before 6.3.5.1.
History

Fri, 13 Sep 2024 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Microfocus
Microfocus netiq Advanced Authentication
Weaknesses CWE-307
CPEs cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5:*:*:*:*:*:*
Vendors & Products Microfocus
Microfocus netiq Advanced Authentication

Wed, 28 Aug 2024 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 28 Aug 2024 06:45:00 +0000

Type Values Removed Values Added
Description A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1
Title Improper account management vulnerability in NetIQ Advance Authentication
Weaknesses CWE-667
References
Metrics cvssV3_1 {'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: OpenText

Published: 2024-08-28T06:29:20.166Z

Updated: 2024-08-28T13:31:54.122Z

Reserved: 2021-01-05T18:14:04.352Z

Link: CVE-2021-22530

Vulnrichment

Updated: 2024-08-28T13:31:49.984Z

NVD

Status: Analyzed

Published: 2024-08-28T07:15:06.750

Modified: 2024-09-13T17:15:29.670

Link: CVE-2021-22530

Redhat

No data.