Vulnerabilities > Microfocus > Netiq Advanced Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-28 | CVE-2021-22509 | Cleartext Storage of Sensitive Information vulnerability in Microfocus Netiq Advanced Authentication A vulnerability identified in storing and reusing information in Advance Authentication. | 6.5 |
| 2024-08-28 | CVE-2021-22529 | Unspecified vulnerability in Microfocus Netiq Advanced Authentication A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. | 5.5 |
| 2024-08-28 | CVE-2021-22530 | Improper Restriction of Excessive Authentication Attempts vulnerability in Microfocus Netiq Advanced Authentication A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. | 9.9 |
| 2024-08-28 | CVE-2021-38120 | Command Injection vulnerability in Microfocus Netiq Advanced Authentication A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. | 7.2 |
| 2024-08-28 | CVE-2021-38121 | Inadequate Encryption Strength vulnerability in Microfocus Netiq Advanced Authentication Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1 | 8.8 |
| 2024-08-28 | CVE-2021-38122 | Cross-site Scripting vulnerability in Microfocus Netiq Advanced Authentication A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1 | 8.2 |
| 2023-03-15 | CVE-2023-24468 | Unspecified vulnerability in Microfocus Netiq Advanced Authentication Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2 | 9.8 |
| 2022-11-28 | CVE-2022-38753 | Unspecified vulnerability in Microfocus Netiq Advanced Authentication This update resolves a multi-factor authentication bypass attack | 6.3 |
| 2021-07-12 | CVE-2021-22515 | Incorrect Authorization vulnerability in Microfocus Netiq Advanced Authentication Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1. | 6.5 |
| 2021-04-12 | CVE-2021-22497 | Improper Authentication vulnerability in Microfocus Netiq Advanced Authentication Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue. | 7.2 |