9.9
CVE-2021-22530
- EPSS 0.07%
- Published 28.08.2024 07:15:06
- Last modified 13.09.2024 17:15:29
- Source security@opentext.com
A vulnerability was identified in NetIQ Advanced Authentication: it does not enforce account lockout when a brute-force attack is performed against the API-based login. If the attack succeeds, this issue may lead to user account compromise; it may also impact server performance. This issue impacts all NetIQ Advanced Authentication versions before 6.3.5.1.
Data is provided by the National Vulnerability Database (NVD)
Microfocus ≫ Netiq Advanced Authentication Version < 6.3
Microfocus ≫ Netiq Advanced Authentication Version 6.3 Update -
Microfocus ≫ Netiq Advanced Authentication Version 6.3 Update sp1
Microfocus ≫ Netiq Advanced Authentication Version 6.3 Update sp2
Microfocus ≫ Netiq Advanced Authentication Version 6.3 Update sp3
Microfocus ≫ Netiq Advanced Authentication Version 6.3 Update sp4
Microfocus ≫ Netiq Advanced Authentication Version 6.3 Update sp4_patch1
Microfocus ≫ Netiq Advanced Authentication Version 6.3 Update sp5
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.07% | 0.215 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.9 | 3.9 | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L |
security@opentext.com | 8.2 | 2.3 | 5.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L |
CWE-307 Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
CWE-667 Improper Locking
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.