CVE-2021-22530

HIGH

NetIQ Advanced Authentication <6.3.5.1 - Info Disclosure

Title source: llm

Description

A vulnerability was identified in NetIQ Advanced Authentication: account lockout is not enforced when a brute-force attack is performed against the API-based login. This issue may lead to user account compromise if the attack succeeds, or may impact server performance. This issue impacts all NetIQ Advanced Authentication versions before 6.3.5.1.

Scores

CVSS v3: 8.2
EPSS: 0.0009
EPSS Percentile: 25.8%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-667, CWE-307
Status: published
Products (2):
- microfocus/netiq_advanced_authentication 6.3 (7 CPE variants)
- microfocus/netiq_advanced_authentication < 6.3
Published: Aug 28, 2024
Tracked Since: Feb 18, 2026