CVE-2021-22530
Last modified
CVE-2021-22530 is a critical-severity vulnerability rated 9.9/10 on the CVSS scale. A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. EPSS estimates a 0.21% chance of exploitation in the next 30 days.
Description
A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Microfocus | Netiq Advanced Authentication | < 6.3 |
| Microfocus | Netiq Advanced Authentication | 6.3 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2021-22530?
How severe is CVE-2021-22530?
How do I fix CVE-2021-22530?
Are you affected by CVE-2021-22530?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST