8.2
CVE-2021-38122
- EPSS 0.14%
- Published 28.08.2024 07:15:08
- Last modified 13.09.2024 18:03:49
- Source security@opentext.com
- Teams watchlist Login
- Open Login
A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1
Data is provided by the National Vulnerability Database (NVD)
Microfocus ≫ Netiq Advanced Authentication Version < 6.3
Microfocus ≫ Netiq Advanced Authentication Version6.3 Update-
Microfocus ≫ Netiq Advanced Authentication Version6.3 Updatesp1
Microfocus ≫ Netiq Advanced Authentication Version6.3 Updatesp2
Microfocus ≫ Netiq Advanced Authentication Version6.3 Updatesp3
Microfocus ≫ Netiq Advanced Authentication Version6.3 Updatesp4
Microfocus ≫ Netiq Advanced Authentication Version6.3 Updatesp4_patch1
Microfocus ≫ Netiq Advanced Authentication Version6.3 Updatesp5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.344 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.2 | 2.8 | 4.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
|
| security@opentext.com | 6.2 | 1 | 4.7 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.