Vulnerability-Lookup

CVE-2021-38121 (GCVE-0-2021-38121)

Vulnerability from cvelistv5 – Published: 2024-08-28 06:28 – Updated: 2024-08-28 13:29

Title

Weak communication protocol identified in Advance Authentication client application

Summary

Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1

Severity ?

8.3 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

CWE

CWE-326 - Inadequate Encryption Strength

Assigner

OpenText

References

URL

Tags

https://www.netiq.com/documentation/advanced-auth…

Impacted products

	Vendor	Product	Version
	OpenText	NetIQ Advance Authentication	Affected: 6.3.5.1 , < < (server)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "netiq_advanced_authentication",
            "vendor": "microfocus",
            "versions": [
              {
                "lessThan": "6.3.5.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-38121",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-28T13:28:39.335154Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T13:29:45.226Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows",
            "Linux",
            "MacOS"
          ],
          "product": "NetIQ Advance Authentication",
          "vendor": "OpenText",
          "versions": [
            {
              "lessThan": "\u003c",
              "status": "affected",
              "version": "6.3.5.1",
              "versionType": "server"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices.\u0026nbsp; This issue affects NetIQ Advance Authentication versions before 6.3.5.1\u003cbr\u003e"
            }
          ],
          "value": "Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices.\u00a0 This issue affects NetIQ Advance Authentication versions before 6.3.5.1"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-217",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-217 Exploiting Incorrectly Configured SSL/TLS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-326",
              "description": "CWE-326 Inadequate Encryption Strength",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-28T06:28:43.452Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "OpenText"
      },
      "references": [
        {
          "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Weak communication protocol identified in Advance Authentication client application",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "OpenText",
    "cveId": "CVE-2021-38121",
    "datePublished": "2024-08-28T06:28:43.452Z",
    "dateReserved": "2021-08-04T20:57:01.489Z",
    "dateUpdated": "2024-08-28T13:29:45.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-38121\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-28T13:28:39.335154Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*\"], \"vendor\": \"microfocus\", \"product\": \"netiq_advanced_authentication\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"6.3.5.1\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-28T13:29:40.933Z\"}}], \"cna\": {\"title\": \"Weak communication protocol identified in Advance Authentication client application\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-217\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-217 Exploiting Incorrectly Configured SSL/TLS\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.3, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"OpenText\", \"product\": \"NetIQ Advance Authentication\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.3.5.1\", \"lessThan\": \"\u003c\", \"versionType\": \"server\"}], \"platforms\": [\"Windows\", \"Linux\", \"MacOS\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices.\\u00a0 This issue affects NetIQ Advance Authentication versions before 6.3.5.1\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices.\u0026nbsp; This issue affects NetIQ Advance Authentication versions before 6.3.5.1\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-326\", \"description\": \"CWE-326 Inadequate Encryption Strength\"}]}], \"providerMetadata\": {\"orgId\": \"f81092c5-7f14-476d-80dc-24857f90be84\", \"shortName\": \"OpenText\", \"dateUpdated\": \"2024-08-28T06:28:43.452Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-38121\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-28T13:29:45.226Z\", \"dateReserved\": \"2021-08-04T20:57:01.489Z\", \"assignerOrgId\": \"f81092c5-7f14-476d-80dc-24857f90be84\", \"datePublished\": \"2024-08-28T06:28:43.452Z\", \"assignerShortName\": \"OpenText\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2021-38121

Vulnerability from fkie_nvd - Published: 2024-08-28 07:15 - Updated: 2024-09-13 18:04

Severity ?

8.3 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security@opentext.com	https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html	Release Notes, Vendor Advisory

Impacted products

Vendor	Product	Version
microfocus	netiq_advanced_authentication	*
microfocus	netiq_advanced_authentication	6.3
microfocus	netiq_advanced_authentication	6.3
microfocus	netiq_advanced_authentication	6.3
microfocus	netiq_advanced_authentication	6.3
microfocus	netiq_advanced_authentication	6.3
microfocus	netiq_advanced_authentication	6.3
microfocus	netiq_advanced_authentication	6.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8BAEC8-626A-4520-A89F-DB40CC774D87",
              "versionEndExcluding": "6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "689649F7-75D8-4D13-9A71-50C2908EACA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A0F82417-D88A-40C5-AD90-7AB826E29C2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0DD98BB8-7A85-41D6-B1CB-7849D61F085A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "729C4860-8CAC-4D4B-8C68-00B1E84E700A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "FEFFEB38-B4CA-48ED-9149-073334346CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1:*:*:*:*:*:*",
              "matchCriteriaId": "B14AC9B7-9339-44BA-BF1B-1876DAFBCA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "4A5CE16C-376A-40C1-83E9-2424AAAB668D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices.\u00a0 This issue affects NetIQ Advance Authentication versions before 6.3.5.1"
    },
    {
      "lang": "es",
      "value": "Se identifica una versi\u00f3n del protocolo TLS insuficiente o d\u00e9bil en la comunicaci\u00f3n del servidor del cliente de autenticaci\u00f3n avanzada cuando se accede a un servicio espec\u00edfico entre dispositivos. Este problema afecta a las versiones de autenticaci\u00f3n avanzada de NetIQ anteriores a la 6.3.5.1"
    }
  ],
  "id": "CVE-2021-38121",
  "lastModified": "2024-09-13T18:04:16.260",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 6.0,
        "source": "security@opentext.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-28T07:15:07.807",
  "references": [
    {
      "source": "security@opentext.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ],
      "source": "security@opentext.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2021-38121

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2021-38121

Aliases

CVE-2021-38121

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-38121",
    "id": "GSD-2021-38121"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-38121"
      ],
      "id": "GSD-2021-38121",
      "modified": "2023-12-13T01:23:17.844965Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2021-38121",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

CNVD-2024-38198

Vulnerability from cnvd - Published: 2024-09-14

Title

NetIQ Advanced Authentication存在未明漏洞（CNVD-2024-38198）

Description

NetIQ Advanced Authentication是英国NetIQ公司的一个应用软件。提供了从用户名和密码转移到一种更安全的方式来保护您的敏感信息。 NetIQ Advanced Authentication 6.3.5.1之前版本存在安全漏洞，该漏洞源于当设备之间访问特定服务时，高级身份验证客户端服务器通信中识别出的TLS协议版本不足或较弱。目前没有详细漏洞细节提供。

Severity

高

Patch Name

NetIQ Advanced Authentication存在未明漏洞（CNVD-2024-38198）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html

Reference

https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html

Impacted products

Name
NetIQ Advanced Authentication <6.3.5.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-38121",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-38121"
    }
  },
  "description": "NetIQ Advanced Authentication\u662f\u82f1\u56fdNetIQ\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u8f6f\u4ef6\u3002\u63d0\u4f9b\u4e86\u4ece\u7528\u6237\u540d\u548c\u5bc6\u7801\u8f6c\u79fb\u5230\u4e00\u79cd\u66f4\u5b89\u5168\u7684\u65b9\u5f0f\u6765\u4fdd\u62a4\u60a8\u7684\u654f\u611f\u4fe1\u606f\u3002\n\nNetIQ Advanced Authentication 6.3.5.1\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5f53\u8bbe\u5907\u4e4b\u95f4\u8bbf\u95ee\u7279\u5b9a\u670d\u52a1\u65f6\uff0c\u9ad8\u7ea7\u8eab\u4efd\u9a8c\u8bc1\u5ba2\u6237\u7aef\u670d\u52a1\u5668\u901a\u4fe1\u4e2d\u8bc6\u522b\u51fa\u7684TLS\u534f\u8bae\u7248\u672c\u4e0d\u8db3\u6216\u8f83\u5f31\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-38198",
  "openTime": "2024-09-14",
  "patchDescription": "NetIQ Advanced Authentication\u662f\u82f1\u56fdNetIQ\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u8f6f\u4ef6\u3002\u63d0\u4f9b\u4e86\u4ece\u7528\u6237\u540d\u548c\u5bc6\u7801\u8f6c\u79fb\u5230\u4e00\u79cd\u66f4\u5b89\u5168\u7684\u65b9\u5f0f\u6765\u4fdd\u62a4\u60a8\u7684\u654f\u611f\u4fe1\u606f\u3002\r\n\r\nNetIQ Advanced Authentication 6.3.5.1\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5f53\u8bbe\u5907\u4e4b\u95f4\u8bbf\u95ee\u7279\u5b9a\u670d\u52a1\u65f6\uff0c\u9ad8\u7ea7\u8eab\u4efd\u9a8c\u8bc1\u5ba2\u6237\u7aef\u670d\u52a1\u5668\u901a\u4fe1\u4e2d\u8bc6\u522b\u51fa\u7684TLS\u534f\u8bae\u7248\u672c\u4e0d\u8db3\u6216\u8f83\u5f31\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NetIQ Advanced Authentication\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2024-38198\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "NetIQ Advanced Authentication \u003c6.3.5.1"
  },
  "referenceLink": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html",
  "serverity": "\u9ad8",
  "submitTime": "2024-08-30",
  "title": "NetIQ Advanced Authentication\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2024-38198\uff09"
}

GHSA-X9WR-745J-RM5J

Vulnerability from github – Published: 2024-08-28 09:30 – Updated: 2024-09-12 18:31

Details

Severity ?

8.3 (High)


                  
                    CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-38121"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-28T07:15:07Z",
    "severity": "HIGH"
  },
  "details": "Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices.\u00a0 This issue affects NetIQ Advance Authentication versions before 6.3.5.1",
  "id": "GHSA-x9wr-745j-rm5j",
  "modified": "2024-09-12T18:31:39Z",
  "published": "2024-08-28T09:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38121"
    },
    {
      "type": "WEB",
      "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-38121 (GCVE-0-2021-38121)

FKIE_CVE-2021-38121

GSD-2021-38121

CNVD-2024-38198

GHSA-X9WR-745J-RM5J

Tags

Sightings

Nomenclature