CVE-2021-22506

Warning

EPSS 37.55%
Published 26.03.2021 14:15:11
Last modified 12.03.2025 20:57:33
Source security@opentext.com
Teams watchlist Login
Open Login

Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.

Affected products Warnungen 1 Metrics 4 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Microfocus ≫ Access Manager Version < 5.0

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Micro Focus Access Manager Information Leakage Vulnerability

Vulnerability

Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	37.55%	0.968

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2021-22506

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-22506

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-22506

EUVD