Remote Denial of Service Vulnerability in HPE IceWall SSO Agent and MFA
CVE-2019-11989

5.9MEDIUM

Key Information:

Vendor: HP
Status: Icewall Sso Agent Option; HPe Icewall Mfa 4.0ee Mfa. Server Ltu; HPe Icewall.mfa4.0se Mfa. Server Ltu
Vendor: CVE Published:; 19 July 2019

What is CVE-2019-11989?

A security vulnerability exists in the HPE IceWall SSO Agent and MFA, potentially allowing attackers to exploit it remotely, leading to a denial of service. The affected modules, including various versions tailored for different platforms such as Apache, IIS, and RHEL, could result in critical downtime for services relying on this authentication technology. System administrators should promptly assess their current installations and apply necessary patches to mitigate risks.

Affected Version(s)

IceWall SSO Agent Option; HPE IceWall MFA 4.0EE MFA. Server LTU; HPE IceWall.MFA4.0SE MFA. Server LTU Server LTU,10.0 (RHEL, HP-UX, Windows) and 11.0 (RHEL)

IceWall SSO Agent Option; HPE IceWall MFA 4.0EE MFA. Server LTU; HPE IceWall.MFA4.0SE MFA. Server LTU (MFA Proxy)

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 19, 2019
Vulnerability Reserved
May 13, 2019