CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22509 – Handling of sensitive data in process memory in NetIQ Advance Authentication
https://notcve.org/view.php?id=CVE-2021-22509
28 Aug 2024 — A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1 • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22529 – Sensitive Data Exposure leaks potential information in NetIQ Advance Authentication
https://notcve.org/view.php?id=CVE-2021-22529
28 Aug 2024 — A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication version before 6.3.5.1 • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22530 – Improper account management vulnerability in NetIQ Advance Authentication
https://notcve.org/view.php?id=CVE-2021-22530
28 Aug 2024 — A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1 • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html • CWE-667: Improper Locking •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38120 – Remote Code Execution using Bash command Injection in backup scheduling functionality in NetIQ Advance Authentication
https://notcve.org/view.php?id=CVE-2021-38120
28 Aug 2024 — A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1. A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authenticat... • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38121 – Weak communication protocol identified in Advance Authentication client application
https://notcve.org/view.php?id=CVE-2021-38121
28 Aug 2024 — Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1 • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html • CWE-326: Inadequate Encryption Strength •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38122 – Cross-Site Scripting (XSS) in Advance Authentication
https://notcve.org/view.php?id=CVE-2021-38122
28 Aug 2024 — A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1 A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1 • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38753
https://notcve.org/view.php?id=CVE-2022-38753
28 Nov 2022 — This update resolves a multi-factor authentication bypass attack Esta actualización resuelve un ataque de omisión de autenticación multifactor • https://www.netiq.com/documentation/advanced-authentication-64/advanced-authentication-releasenotes-641/data/advanced-authentication-releasenotes-641.html#t4g4mvd1yivo •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-22515 – Multi-Factor Authentication (MFA) downgrade exposure in NetIQ Advanced Authentication Server
https://notcve.org/view.php?id=CVE-2021-22515
12 Jul 2021 — Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1. Una funcionalidad de Autenticación Multifactor (MFA) puede ser omitida, permitiendo el uso de la autenticación de un solo factor en NetIQ Advanced Authentication versiones anteriores a 6.3 SP4 Parche 1 • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6341/data/advanced-authentication-releasenotes-6341.html • CWE-863: Incorrect Authorization •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2021-22497 – Advanced Authentication Improper Session Management
https://notcve.org/view.php?id=CVE-2021-22497
12 Apr 2021 — Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue. Advanced Authentication versiones anteriores a 6.3, SP4, presentan una posible autenticación rota debido a un problema de administración de sesión inapropiada • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-634/data/advanced-authentication-releasenotes-634.html • CWE-287: Improper Authentication •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11650
https://notcve.org/view.php?id=CVE-2019-11650
10 Jul 2019 — A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework versions prior to 6.0. Se encontró un potencial ataque de tipo Man in the Middle (MITM) en NetIQ Advanced Authentication Framework versiones anteriores a 6.0. • https://www.netiq.com/documentation/advanced-authentication-60/advanced-authentication-releasenotes-60/data/advanced-authentication-releasenotes-60.html#t49vfiy1udvg •