CVE-2021-38120 Vulnerability Details


CVE-2021-38120 Metadata Quick Info

CVE Published: 28/08/2024 | CVE Updated: 28/08/2024 | CVE Year: 2021
Source: OpenText | Vendor: OpenText | Product: NetIQ Advance Authentication
Status: PUBLISHED

CVE-2021-38120 Description

A vulnerability identified in Advance Authentication allows bash command injection in the administrator-controlled backup functionality due to improper handling of the provided command parameters. This issue affects NetIQ Advance Authentication versions before 6.3.5.1.

Metrics

CVSS Version: 3.1 | Base Score: 5.1 MEDIUM
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:L

➤ Exploitability Metrics:
    Attack Vector (AV): LOCAL
    Attack Complexity (AC): HIGH
    Privileges Required (PR): HIGH
    User Interaction (UI): REQUIRED
    Scope (S): UNCHANGED

➤ Impact Metrics:
    Confidentiality Impact (C): LOW
    Integrity Impact (I): HIGH
    Availability Impact (A): LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-77
CWE Name: CWE-77 Improper Neutralization of Special Elements used in a Command (Command Injection)
Source: OpenText

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-253
CAPEC Description: CAPEC-253 Remote Code Inclusion


Source: NVD (National Vulnerability Database).