Lucene search

MicrofocusCVELIST:CVE-2021-22515

HistoryJul 12, 2021 - 10:04 a.m.

CVE-2021-22515 Multi-Factor Authentication (MFA) downgrade exposure in NetIQ Advanced Authentication Server

2021-07-1210:04:15

microfocus

www.cve.org

netiq

advanced authentication

mfa bypass

single factor authentication

CVSS3

4.8

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1.

CNA Affected

[
  {
    "product": "NetIQ Advanced Authentication",
    "vendor": "Micro Focus",
    "versions": [
      {
        "lessThan": "6.3 SP4 Patch 1",
        "status": "affected",
        "version": "NetIQ Advanced Authentication",
        "versionType": "custom"
      }
    ]
  }
]

References

www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6341/data/advanced-authentication-releasenotes-6341.html

CVSS3

4.8

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for CVELIST:CVE-2021-22515