CVE-2021-22506
Vulnerability from cvelistv5
Published
2021-03-26 13:37
Modified
2024-08-03 18:44
Severity
Summary
Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.
References
Impacted products
Vendor | Product |
---|---|
n/a | Access Manager. |
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog
Date added: 2021-11-03
Due date: 2021-11-17
Required action: Apply updates per vendor instructions.
Used in ransomware: Unknown
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:44:14.045Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Access Manager.", "vendor": "n/a", "versions": [ { "status": "affected", "version": "All version prior version 5.0." } ] } ], "descriptions": [ { "lang": "en", "value": "Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage." } ], "problemTypes": [ { "descriptions": [ { "description": "Information Leakage", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-26T13:37:22", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@microfocus.com", "ID": "CVE-2021-22506", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Access Manager.", "version": { "version_data": [ { "version_value": "All version prior version 5.0." } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Leakage" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html", "refsource": "MISC", "url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2021-22506", "datePublished": "2021-03-26T13:37:22", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2024-08-03T18:44:14.045Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "cisa_known_exploited": { "cveID": "CVE-2021-22506", "dateAdded": "2021-11-03", "dueDate": "2021-11-17", "knownRansomwareCampaignUse": "Unknown", "notes": "", "product": "Micro Focus Access Manager", "requiredAction": "Apply updates per vendor instructions.", "shortDescription": "Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used.", "vendorProject": "Micro Focus", "vulnerabilityName": "Micro Focus Access Manager Information Leakage Vulnerability" }, "nvd": "{\"cve\":{\"id\":\"CVE-2021-22506\",\"sourceIdentifier\":\"security@opentext.com\",\"published\":\"2021-03-26T14:15:11.967\",\"lastModified\":\"2024-07-26T20:01:47.710\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2021-11-17\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Micro Focus Access Manager Information Leakage Vulnerability\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.\"},{\"lang\":\"es\",\"value\":\"Una configuraci\u00f3n avanzada que expone una vulnerabilidad de Filtrado de Informaci\u00f3n en el producto Micro Focus Access Manager afecta a todas las versiones anteriores a 5.0.\u0026#xa0;La vulnerabilidad podr\u00eda causar un filtrado de informaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:access_manager:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.0\",\"matchCriteriaId\":\"B3A53E36-0652-4D66-B500-588777280039\"}]}]}],\"references\":[{\"url\":\"https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html\",\"source\":\"security@opentext.com\",\"tags\":[\"Release Notes\"]}]}}" } }
Loading...