CVE-2021-22530

A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5:*:*:*:*:*:*

History

13 Sep 2024, 17:15

Type Values Removed Values Added
First Time Microfocus
Microfocus netiq Advanced Authentication
CVSS v2 : unknown
v3 : 8.2
v2 : unknown
v3 : 9.9
References () https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html - () https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html - Release Notes
CWE CWE-307
CPE cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1:*:*:*:*:*:*

28 Aug 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad identificada en la autenticación avanzada de NetIQ que no aplica el bloqueo de cuenta cuando se realiza un ataque de fuerza bruta en el inicio de sesión basado en API. Este problema puede comprometer la cuenta del usuario si tiene éxito o puede afectar el rendimiento del servidor. Este problema afecta a toda la autenticación avanzada de NetIQ anterior a 6.3.5.1

28 Aug 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-28 07:15

Updated : 2024-09-13 17:15


NVD link : CVE-2021-22530

Mitre link : CVE-2021-22530

CVE.ORG link : CVE-2021-22530


JSON object : View

Products Affected

microfocus

  • netiq_advanced_authentication
CWE
CWE-307

Improper Restriction of Excessive Authentication Attempts

CWE-667

Improper Locking