Potential injection vulnerability (CVE-2021-22524)

  • 7025256
  • 24-Aug-2021
  • 24-Aug-2021

Environment

Access Manager versions prior to 4.5.4
Access Manager versions prior to 5.0.1

Situation

A potential injection vulnerability could cause denial of service.

Potential Security Impact: Remote Vulnerability 

Resolution

Download and apply 5.0 Service Pack 1, available from the Software Licenses and Downloads portal.

Status

Security Alert

Additional Information

Access Manager 5.0.1 Release Notes

CVSS Version 3.1 Metrics

Reference: CVE-2021-22524
V3.1 Vector: 3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:H
V3.1 Base Score: 5.4


Note: The above is the base score vector only. If needed, you can optionally also add Temporal and Environmental vectors (see the CVSS 3.1 calculator: https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator).

Credit

Special thanks to Sipke Mellema for responsibly disclosing this vulnerability.