CVE-2021-38120 - OpenCVE

A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Microfocus	Netiq Advanced Authentication

Configuration 1 [-]

OR	cpe:2.3:a:microfocus:netiq_advanced_authentication::::::::
	cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-::::::
	cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1::::::
	cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2::::::
	cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3::::::
	cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4::::::
	cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1::::::
	cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5::::::

No data.

References

Link	Providers
https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html

History

Fri, 13 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microfocus netiq Advanced Authentication
CPEs	cpe:2.3:a:microfocus:netiq_advance_authentication::::::::	cpe:2.3:a:microfocus:netiq_advanced_authentication:::::::: cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-:::::: cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1:::::: cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2:::::: cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3:::::: cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4:::::: cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1:::::: cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5::::::
Vendors & Products	Microfocus netiq Advance Authentication	Microfocus netiq Advanced Authentication

Thu, 12 Sep 2024 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microfocus Microfocus netiq Advance Authentication
CPEs		cpe:2.3:a:microfocus:netiq_advance_authentication::::::::
Vendors & Products		Microfocus Microfocus netiq Advance Authentication

Wed, 28 Aug 2024 14:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 28 Aug 2024 06:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1.
Title		Remote Code Execution using Bash command Injection in backup scheduling functionality in NetIQ Advance Authentication
Weaknesses		CWE-77
References		https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html
Metrics		cvssV3_1 `{'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:L'}`

MITRE

Status: PUBLISHED

Assigner: OpenText

Published: 2024-08-28T06:28:55.684Z

Updated: 2024-08-28T13:32:17.979Z

Reserved: 2021-08-04T20:57:01.489Z

Link: CVE-2021-38120

Vulnrichment

Updated: 2024-08-28T13:32:10.376Z

NVD

Status : Analyzed

Published: 2024-08-28T07:15:07.303

Modified: 2024-09-13T18:04:28.527

Link: CVE-2021-38120

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object