CVE-2021-38122

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-38122
A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1

8.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html Release Notes
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5:*:*:*:*:*:*
History

13 Sep 2024, 18:03

Type Values Removed Values Added
CPE cpe:2.3:a:opentext:netiq_advance_authentication:*:*:*:*:*:*:*:* cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1:*:*:*:*:*:*
First Time Microfocus
Microfocus netiq Advanced Authentication

12 Sep 2024, 15:05

Type Values Removed Values Added
First Time Opentext netiq Advance Authentication
Opentext
CWE CWE-79
CVSS v2 : unknown
v3 : 6.2 		v2 : unknown
v3 : 8.2
References () https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html - () https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html - Release Notes
CPE cpe:2.3:a:opentext:netiq_advance_authentication:*:*:*:*:*:*:*:*

28 Aug 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de cross site scripting identificada en la autenticación avanzada de NetIQ que afecta la funcionalidad del servidor y revela información confidencial. Este problema afecta a la autenticación avanzada de NetIQ anterior a 6.3.5.1

28 Aug 2024, 07:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-28 07:15

Updated : 2024-09-13 18:03

NVD link : CVE-2021-38122

Mitre link : CVE-2021-38122

CVE.ORG link : CVE-2021-38122

JSON object : View

Products Affected

microfocus

  • netiq_advanced_authentication
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-20

Improper Input Validation