cnvd - cnvd-2024-38202

CNVD-2024-38202

Vulnerability from cnvd - Published: 2024-09-14

Title

NetIQ Advanced Authentication信息泄露漏洞

Description

NetIQ Advanced Authentication是英国NetIQ公司的一个应用软件。提供了从用户名和密码转移到一种更安全的方式来保护您的敏感信息。 NetIQ Advance Authentication 6.3.5.1之前版本存在信息泄露漏洞，攻击者可利用该漏洞可能导致敏感数据泄露给未经授权的用户。

Severity

中

Patch Name

NetIQ Advanced Authentication信息泄露漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html

Reference

https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html

Impacted products

Name
NetIQ Advanced Authentication <6.3.5.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-22509",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-22509"
    }
  },
  "description": "NetIQ Advanced Authentication\u662f\u82f1\u56fdNetIQ\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u8f6f\u4ef6\u3002\u63d0\u4f9b\u4e86\u4ece\u7528\u6237\u540d\u548c\u5bc6\u7801\u8f6c\u79fb\u5230\u4e00\u79cd\u66f4\u5b89\u5168\u7684\u65b9\u5f0f\u6765\u4fdd\u62a4\u60a8\u7684\u654f\u611f\u4fe1\u606f\u3002\n\nNetIQ Advance Authentication 6.3.5.1\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u80fd\u5bfc\u81f4\u654f\u611f\u6570\u636e\u6cc4\u9732\u7ed9\u672a\u7ecf\u6388\u6743\u7684\u7528\u6237\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-38202",
  "openTime": "2024-09-14",
  "patchDescription": "NetIQ Advanced Authentication\u662f\u82f1\u56fdNetIQ\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u8f6f\u4ef6\u3002\u63d0\u4f9b\u4e86\u4ece\u7528\u6237\u540d\u548c\u5bc6\u7801\u8f6c\u79fb\u5230\u4e00\u79cd\u66f4\u5b89\u5168\u7684\u65b9\u5f0f\u6765\u4fdd\u62a4\u60a8\u7684\u654f\u611f\u4fe1\u606f\u3002\r\n\r\nNetIQ Advance Authentication 6.3.5.1\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u80fd\u5bfc\u81f4\u654f\u611f\u6570\u636e\u6cc4\u9732\u7ed9\u672a\u7ecf\u6388\u6743\u7684\u7528\u6237\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NetIQ Advanced Authentication\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "NetIQ Advanced Authentication \u003c6.3.5.1"
  },
  "referenceLink": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html",
  "serverity": "\u4e2d",
  "submitTime": "2024-08-30",
  "title": "NetIQ Advanced Authentication\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2021-22509 (GCVE-0-2021-22509)

Vulnerability from cvelistv5 – Published: 2024-08-28 06:29 – Updated: 2024-08-28 13:31

Summary

A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

CWE

CWE-312 - Cleartext Storage of Sensitive Information

Assigner

OpenText

References

URL

Tags

https://www.netiq.com/documentation/advanced-auth…

Impacted products

	Vendor	Product	Version
	OpenText	NetIQ Advance Authentication	Affected: 6.3.5.1 , < < (server)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "netiq_advanced_authentication",
            "vendor": "microfocus",
            "versions": [
              {
                "lessThan": "6.3.5.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-22509",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-28T13:31:35.510887Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T13:31:40.778Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux",
            "Windows",
            "MacOS"
          ],
          "product": "NetIQ Advance Authentication",
          "vendor": "OpenText",
          "versions": [
            {
              "lessThan": "\u003c",
              "status": "affected",
              "version": "6.3.5.1",
              "versionType": "server"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1\u003cbr\u003e"
            }
          ],
          "value": "A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-191",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-191 Read Sensitive Constants Within an Executable"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-312",
              "description": "CWE-312 Cleartext Storage of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-28T06:29:42.838Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "OpenText"
      },
      "references": [
        {
          "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Handling of sensitive data in process memory in NetIQ Advance Authentication",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "OpenText",
    "cveId": "CVE-2021-22509",
    "datePublished": "2024-08-28T06:29:42.838Z",
    "dateReserved": "2021-01-05T18:14:04.349Z",
    "dateUpdated": "2024-08-28T13:31:40.778Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2024-38202

CVE-2021-22509 (GCVE-0-2021-22509)

Tags

Sightings

Nomenclature