A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1
References
Configurations
Configuration 1 (hide)
|
History
13 Sep 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.9 |
References | () https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html - Release Notes | |
CPE | cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-:*:*:*:*:*:* cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5:*:*:*:*:*:* cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:* cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4:*:*:*:*:*:* cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1:*:*:*:*:*:* cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3:*:*:*:*:*:* cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1:*:*:*:*:*:* cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2:*:*:*:*:*:* |
|
CWE | CWE-307 | |
First Time |
Microfocus
Microfocus netiq Advanced Authentication |
28 Aug 2024, 12:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
28 Aug 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-28 07:15
Updated : 2024-09-13 17:15
NVD link : CVE-2021-22530
Mitre link : CVE-2021-22530
CVE.ORG link : CVE-2021-22530
JSON object : View
Products Affected
microfocus
- netiq_advanced_authentication