CVE-2021-22530

HIGH

NetIQ Advance Authentication <6.3.5.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1

Scores

CVSS v3 8.2
EPSS 0.0022
EPSS Percentile 11.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-307 CWE-667
Status published
Products (2)
microfocus/netiq_advanced_authentication 6.3 (7 CPE variants)
microfocus/netiq_advanced_authentication < 6.3
Published Aug 28, 2024
Tracked Since Feb 18, 2026