NetIQ Advance Auth Bash Cmd Injection pre-6.3.5.1
CVE-2021-38120 Published on August 28, 2024
Remote Code Execution using Bash command Injection in backup scheduling functionality in NetIQ Advance Authentication
A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper
handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1.
Vulnerability Analysis
CVE-2021-38120 is exploitable with local system access, requires user interaction and user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a high impact on integrity, and a small impact on availability.
Weakness Type
What is a Command Injection Vulnerability?
The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CVE-2021-38120 has been classified to as a Command Injection vulnerability or weakness.
Products Associated with CVE-2021-38120
stack.watch emails you whenever new vulnerabilities are published in Micro Focus Netiq Advance Authentication or Micro Focus Netiq Advanced Authentication. Just hit a watch button to start following.
Affected Versions
OpenText NetIQ Advance Authentication:- Version 6.3.5.1 and below < is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.