Backup Functionality Vulnerable to Bash Command Injection via Improper Command Parameter Handling
CVE-2021-38120

7.2HIGH

Key Information:

Vendor: Opentext
Status: Netiq Advance Authentication
Vendor: CVE Published:; 28 August 2024

Summary

A vulnerability in NetIQ Advance Authentication has been identified, allowing for potential bash command injection via improperly handled command parameters. This flaw specifically affects the backup functionalities under administrative control. Administrators utilizing versions of NetIQ Advance Authentication prior to 6.3.5.1 are at risk, as this vulnerability may enable attackers to execute arbitrary commands, thereby compromising the security of the system.

Affected Version(s)

NetIQ Advance Authentication Linux 6.3.5.1

References

https://www.netiq.com/documentation/advanced-authenticati...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 28, 2024
Vulnerability Reserved
Aug 4, 2021