A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Microfocus
  • Netiq Advanced Authentication

Configuration 1 [-]

OR cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5:*:*:*:*:*:*

No data.

References
Link Providers
https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html cve-icon cve-icon
History

Fri, 13 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Microfocus netiq Advanced Authentication
CPEs cpe:2.3:a:microfocus:netiq_advance_authentication:*:*:*:*:*:*:*:* cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5:*:*:*:*:*:*
Vendors & Products Microfocus netiq Advance Authentication
Microfocus netiq Advanced Authentication

Thu, 12 Sep 2024 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Microfocus
Microfocus netiq Advance Authentication
CPEs cpe:2.3:a:microfocus:netiq_advance_authentication:*:*:*:*:*:*:*:*
Vendors & Products Microfocus
Microfocus netiq Advance Authentication

Wed, 28 Aug 2024 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 28 Aug 2024 06:45:00 +0000

Type Values Removed Values Added
Description A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1.
Title Remote Code Execution using Bash command Injection in backup scheduling functionality in NetIQ Advance Authentication
Weaknesses CWE-77
References
Metrics cvssV3_1

{'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:L'}
cve-icon MITRE

Status: PUBLISHED

Assigner: OpenText

Published: 2024-08-28T06:28:55.684Z

Updated: 2024-08-28T13:32:17.979Z

Reserved: 2021-08-04T20:57:01.489Z

Link: CVE-2021-38120

cve-icon Vulnrichment

Updated: 2024-08-28T13:32:10.376Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-28T07:15:07.303

Modified: 2024-09-13T18:04:28.527

Link: CVE-2021-38120

cve-icon Redhat

No data.