Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-22530

A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1

Published

2024-08-28T07:15:06.750

Last Modified

2024-09-13T17:15:29.670

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.2 (HIGH)

Weaknesses

Type: Secondary
CWE-667
Type: Primary
CWE-307

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	microfocus	netiq_advanced_authentication	< 6.3	Yes
Application	microfocus	netiq_advanced_authentication	6.3	Yes
Application	microfocus	netiq_advanced_authentication	6.3	Yes
Application	microfocus	netiq_advanced_authentication	6.3	Yes
Application	microfocus	netiq_advanced_authentication	6.3	Yes
Application	microfocus	netiq_advanced_authentication	6.3	Yes
Application	microfocus	netiq_advanced_authentication	6.3	Yes
Application	microfocus	netiq_advanced_authentication	6.3	Yes

References

https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html Release Notes ([email protected])