Microfocus Netiq Advanced Authentication — known CVE vulnerabilities
Every CVE whose affected-product data names Microfocus Netiq Advanced Authentication, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2021-38121 — CVSS 8.3 (high): Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is…
CVE-2021-22530 — CVSS 8.2 (high): A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API…
CVE-2021-22509 — CVSS 8.1 (high): A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data…
CVE-2021-22529 — CVSS 6.3 (medium): A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance…
CVE-2021-38122 — CVSS 6.2 (medium): A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive…
CVE-2019-11650 — CVSS 5.9 (medium): A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework versions prior to 6.0.
CVE-2021-38120 — CVSS 5.1 (medium): A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of…
CVE-2021-22515 — CVSS 4.8 (medium): Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced…
CVE-2021-22497 — CVSS 3.8 (low): Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue.