Microfocus Netiq_advanced_authentication

11 CVEs affecting Microfocus Netiq_advanced_authentication. Latest disclosed: 2024-08-28. Critical: 1, High: 3.

Top CVEs affecting Microfocus Netiq_advanced_authentication
CVESeverityScorePublishedSummary
CVE-2023-24468Critical9.82023-03-15Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2
CVE-2021-38121High8.32024-08-28Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. …
CVE-2021-22530High8.22024-08-28A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This i…
CVE-2021-22509High8.12024-08-28A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user…
CVE-2021-22529Medium6.32024-08-28A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication version bef…
CVE-2022-38753Medium6.32022-11-28This update resolves a multi-factor authentication bypass attack
CVE-2021-38122Medium6.22024-08-28A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This iss…
CVE-2019-11650Medium5.92019-07-10A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework versions prior to 6.0.
CVE-2021-38120Medium5.12024-08-28A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper ha…
CVE-2021-22515Medium4.82021-07-12Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions pri…
CVE-2021-22497Low3.82021-04-12Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue.