CVE-2021-22530: Improper account management vulnerability in NetIQ Advance Authentication
First published: Wed Aug 28 2024(Updated: )
A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1
Credit: security@opentext.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microfocus Netiq Advanced Authentication | <6.3 | |
| Microfocus Netiq Advanced Authentication | =6.3 | |
| Microfocus Netiq Advanced Authentication | =6.3-sp1 | |
| Microfocus Netiq Advanced Authentication | =6.3-sp2 | |
| Microfocus Netiq Advanced Authentication | =6.3-sp3 | |
| Microfocus Netiq Advanced Authentication | =6.3-sp4 | |
| Microfocus Netiq Advanced Authentication | =6.3-sp4_patch1 | |
| Microfocus Netiq Advanced Authentication | =6.3-sp5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-22530?
The severity of CVE-2021-22530 is high due to the risk of user account compromise.
How do I fix CVE-2021-22530?
To fix CVE-2021-22530, update NetIQ Advanced Authentication to version 6.3 or later with appropriate patches applied.
What is the impact of CVE-2021-22530?
CVE-2021-22530 may lead to user account compromise and can also impact server performance during brute force attacks.
Which versions of NetIQ Advanced Authentication are affected by CVE-2021-22530?
CVE-2021-22530 affects all versions of NetIQ Advanced Authentication prior to 6.3.
Is there a workaround for CVE-2021-22530?
Currently, there is no known workaround for CVE-2021-22530 other than applying the latest updates and patches.
- agent/title
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/microfocus
- canonical/microfocus netiq advanced authentication
- version/microfocus netiq advanced authentication/6.3
- version/microfocus netiq advanced authentication/6.3-sp1
- version/microfocus netiq advanced authentication/6.3-sp2
- version/microfocus netiq advanced authentication/6.3-sp3
- version/microfocus netiq advanced authentication/6.3-sp4
- version/microfocus netiq advanced authentication/6.3-sp4_patch1
- version/microfocus netiq advanced authentication/6.3-sp5