Microfocus Netiq_advanced_authentication
11 CVEs affecting Microfocus Netiq_advanced_authentication. Latest disclosed: 2024-08-28. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-24468 | Critical | 9.8 | 2023-03-15 | Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2 |
CVE-2021-38121 | High | 8.3 | 2024-08-28 | Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. … |
CVE-2021-22530 | High | 8.2 | 2024-08-28 | A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This i… |
CVE-2021-22509 | High | 8.1 | 2024-08-28 | A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user… |
CVE-2021-22529 | Medium | 6.3 | 2024-08-28 | A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication version bef… |
CVE-2022-38753 | Medium | 6.3 | 2022-11-28 | This update resolves a multi-factor authentication bypass attack |
CVE-2021-38122 | Medium | 6.2 | 2024-08-28 | A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This iss… |
CVE-2019-11650 | Medium | 5.9 | 2019-07-10 | A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework versions prior to 6.0. |
CVE-2021-38120 | Medium | 5.1 | 2024-08-28 | A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper ha… |
CVE-2021-22515 | Medium | 4.8 | 2021-07-12 | Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions pri… |
CVE-2021-22497 | Low | 3.8 | 2021-04-12 | Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue. |