Privileged Escalation Vulnerability (CVE-2021-22521)

  • Document ID:7025205
  • Creation Date:21-Jul-2021
  • Modified Date:22-Jul-2021
    • Micro Focus Products:
      ZENworks Configuration Management
      ZENworks Endpoint Security Management

Environment

ZENworks Configuration Management 2020 Update 1 and all prior versions 
ZENworks Endpoint Security Management 2020 Update 1 and all prior versions

Situation

A privileged escalation vulnerability has been identified in the ZENworks Configuration Management and ZENworks Endpoint Security Management products. The vulnerability could be exploited to gain unauthorized system privileges.

Potential Security Impact: Local Vulnerability

Resolution

Micro Focus has made patches available for the following versions: 
  • ZENworks Configuration Management 2020 Update 1, 2020, 2017 Update 4 FRU1 and 2017 Update 4. 
  • ZENworks Endpoint Security Management 2020 Update 1, 2020, 2017 Update 4 FRU1 and 2017 Update 4. 
Customers are requested to contact Micro Focus Support at the earliest to obtain the patches and steps to mitigate the vulnerability, and deploy the patches in their environment as soon as possible.

Status

Security Alert

Additional Information

CVSS Version 3.1 Metrics:

Reference

V3 Vector

V3 Base Score

CVE-2021-22521

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

8.2