Potential information leakage vulnerability (CVE-2021-22525)

  • Document ID:7025254
  • Creation Date:23-Aug-2021
  • Modified Date:24-Aug-2021
    • Micro Focus Products:
      Access Manager (NAM)

Environment

Access Manager versions prior to 4.5.4
Access Manager versions prior to 5.0.1

Situation

A potential vulnerability may lead to a disclosure of sensitive information.

Potential Security Impact: Local Vulnerability

Resolution

Download and apply 5.0 Service Pack 1, available from the Software Licenses and Downloads portal.

Status

Security Alert

Additional Information

Access Manager 5.0.1 Release Notes

CVSS Version 3.1 Metrics

Reference

V3.1 Vector

V3.1 Base Score

CVE-2021-22525

3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

2.2


Note: Above is basic score vectors only. If there’s a need, optionally you can add also Temporal and Environmental vectors  (see the CVSS 3.1 calculator https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator).