Description
A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1.
CVSS Metrics
- Vector
- CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:L
- Attack Vector
- local
- Complexity
- high
- Privileges
- high
- User Action
- required
- Scope
- unchanged
- Confidentiality
- low
- Integrity
- high
- Availability
- low
- Weaknesses
- CWE-77CWE-77
Metadata
- Primary Vendor
- MICROFOCUS
- Published
- 8/28/2024
- Last Modified
- 9/13/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
microfocus : netiq_advanced_authenticationmicrofocus : netiq_advanced_authenticationmicrofocus : netiq_advanced_authenticationmicrofocus : netiq_advanced_authenticationmicrofocus : netiq_advanced_authenticationmicrofocus : netiq_advanced_authenticationmicrofocus : netiq_advanced_authenticationmicrofocus : netiq_advanced_authentication
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.