NetIQ Advance Authentication Vulnerability Could Lead to User Account Compromise or Server Performance Issues
CVE-2021-22530
9.9 CRITICAL
Summary
A critical security flaw exists in NetIQ Advance Authentication: it fails to implement effective account lockout mechanisms during brute force attacks on API logins. This oversight may allow unauthorized users to gain access to accounts by incrementally guessing credentials, risking user account compromise and potentially degrading server performance. All versions of NetIQ Advance Authentication prior to 6.3.5.1 are affected, so keeping the software updated mitigates the risk associated with this vulnerability.
Affected Version(s)
NetIQ Advance Authentication Linux 6.3.5.1
CVSS V3.1
Score: 9.9
Severity: CRITICAL
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed