Insufficient TLS Protocol Version Risk Affects Authentication Client Server Communication
CVE-2021-38121

8.8HIGH

Key Information:

Vendor: Opentext
Status: Netiq Advance Authentication
Vendor: CVE Published:; 28 August 2024

Summary

The vulnerability arises from the use of insufficient or weak TLS protocol versions in the NetIQ Advanced Authentication client-server communication. This weakness can potentially allow attackers to exploit the specific service accessed between devices, making the system vulnerable to interception and unauthorized access. It is crucial for users running versions of NetIQ Advanced Authentication earlier than 6.3.5.1 to address this issue promptly to enhance the security of their authentication systems.

Affected Version(s)

NetIQ Advance Authentication Windows 6.3.5.1

References

https://www.netiq.com/documentation/advanced-authenticati...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 28, 2024
Vulnerability Reserved
Aug 4, 2021