CVE-2021-38120 MEDIUM

CVE-2021-38120: Remote Code Execution using Bash command Injection in backup scheduling functionality in NetIQ Advance Authentication

Vendor Opentext
Product NetIQ Advance Authentication
Weakness CWE-77
Published August 28, 2024
Last update August 28, 2024

CVSS base score

5.1/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction Required
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:L

What the vulnerability does

01Description

A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1.

Key dates

02Disclosure timeline

August 28, 2024 CVE published
August 28, 2024 Record updated