{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-22530", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2021-01-05T18:14:04.352Z", "datePublished": "2024-08-28T06:29:20.166Z", "dateUpdated": "2024-08-28T13:31:54.122Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "NetIQ Advance Authentication", "vendor": "OpenText", "versions": [{"lessThan": "<", "status": "affected", "version": "6.3.5.1", "versionType": "server"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1<br>"}], "value": "A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1"}], "impacts": [{"capecId": "CAPEC-49", "descriptions": [{"lang": "en", "value": "CAPEC-49 Password Brute Forcing"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-667", "description": "CWE-667 Improper Locking", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-08-28T06:29:20.166Z"}, "references": [{"url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper account management vulnerability in NetIQ Advance Authentication", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-28T13:19:20.381421Z", "id": "CVE-2021-22530", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T13:31:54.122Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-22530", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-28T13:19:20.381421Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T13:31:49.984Z"}}], "cna": {"title": "Improper account management vulnerability in NetIQ Advance Authentication", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-49", "descriptions": [{"lang": "en", "value": "CAPEC-49 Password Brute Forcing"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenText", "product": "NetIQ Advance Authentication", "versions": [{"status": "affected", "version": "6.3.5.1", "lessThan": "<", "versionType": "server"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1", "supportingMedia": [{"type": "text/html", "value": "A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-667", "description": "CWE-667 Improper Locking"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-08-28T06:29:20.166Z"}}}, "cveMetadata": {"cveId": "CVE-2021-22530", "state": "PUBLISHED", "dateUpdated": "2024-08-28T13:31:54.122Z", "dateReserved": "2021-01-05T18:14:04.352Z", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "datePublished": "2024-08-28T06:29:20.166Z", "assignerShortName": "OpenText"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D8BAEC8-626A-4520-A89F-DB40CC774D87", "versionEndExcluding": "6.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-:*:*:*:*:*:*", "matchCriteriaId": "689649F7-75D8-4D13-9A71-50C2908EACA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1:*:*:*:*:*:*", "matchCriteriaId": "A0F82417-D88A-40C5-AD90-7AB826E29C2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2:*:*:*:*:*:*", "matchCriteriaId": "0DD98BB8-7A85-41D6-B1CB-7849D61F085A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3:*:*:*:*:*:*", "matchCriteriaId": "729C4860-8CAC-4D4B-8C68-00B1E84E700A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4:*:*:*:*:*:*", "matchCriteriaId": "FEFFEB38-B4CA-48ED-9149-073334346CA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1:*:*:*:*:*:*", "matchCriteriaId": "B14AC9B7-9339-44BA-BF1B-1876DAFBCA14", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5:*:*:*:*:*:*", "matchCriteriaId": "4A5CE16C-376A-40C1-83E9-2424AAAB668D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1"}, {"lang": "es", "value": "Una vulnerabilidad identificada en la autenticaci\u00f3n avanzada de NetIQ que no aplica el bloqueo de cuenta cuando se realiza un ataque de fuerza bruta en el inicio de sesi\u00f3n basado en API. Este problema puede comprometer la cuenta del usuario si tiene \u00e9xito o puede afectar el rendimiento del servidor. Este problema afecta a toda la autenticaci\u00f3n avanzada de NetIQ anterior a 6.3.5.1"}], "id": "CVE-2021-22530", "lastModified": "2024-09-13T17:15:29.670", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.3, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 5.3, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2024-08-28T07:15:06.750", "references": [{"source": "security@opentext.com", "tags": ["Release Notes"], "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-307"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-667"}], "source": "security@opentext.com", "type": "Secondary"}]}

{}