CVE-2021-22515 MEDIUM

CVE-2021-22515: Multi-Factor Authentication (MFA) downgrade exposure in NetIQ Advanced Authentication Server

Vendor Micro Focus
Product NetIQ Advanced Authentication
Published July 12, 2021
Last update September 17, 2024

CVSS base score

4.8/10
Attack vector Adjacent
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1.

Key dates

02Disclosure timeline

July 12, 2021 CVE published
September 17, 2024 Record updated