CVE-2021-22497

LOW

Advanced Authentication <6.3 SP4 - Auth Bypass

Title source: llm

Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue.

Core 1

Core References

Various Sources x_refsource_confirm

CVSS v3 3.8

EPSS 0.0023

EPSS Percentile 45.6%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-287

Status published

Products (2)

microfocus/netiq_advanced_authentication 6.3 (4 CPE variants)

microfocus/netiq_advanced_authentication < 6.3

Published Apr 12, 2021

Tracked Since Feb 18, 2026