NetIQ Advance Authentication <6.3.5.1 API Login Lockout Bypass
CVE-2021-22530 Published on August 28, 2024

Improper account management vulnerability in NetIQ Advance Authentication
A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1

NVD

Vulnerability Analysis

CVE-2021-22530 is exploitable with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
REQUIRED
Scope:
CHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
LOW
Availability Impact:
LOW

Weakness Type

Improper Locking

The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.


Products Associated with CVE-2021-22530

Want to know whenever a new CVE is published for Micro Focus Netiq Advanced Authentication? stack.watch will email you.

Micro Focus Netiq Advanced Authentication
 

Affected Versions

OpenText NetIQ Advance Authentication:

Exploit Probability

EPSS
0.09%
Percentile
25.97%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.