Potential information leakage vulnerability (CVE-2021-22527)

  • Document ID:7025258
  • Creation Date:24-Aug-2021
  • Modified Date:24-Aug-2021
    • Micro Focus Products:
      Access Manager (NAM)

Environment

Access Manager versions prior to 4.5.4
Access Manager versions prior to 5.0.1

Situation

A potential information leakage issue exists in the product versions listed above.

Potential Security Impact: Remote Vulnerability 

Resolution

Download and apply 5.0 Service Pack 1, available from the Software Licenses and Downloads portal.

Status

Security Alert

Additional Information

Access Manager 5.0.1 Release Notes

CVSS Version 3.1 Metrics

Reference

V3.1 Vector

V3.1 Base Score

CVE-2021-22527

3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H

6.0


Note: Above is basic score vectors only. If there’s a need, optionally you can add also Temporal and Environmental vectors  (see the CVSS 3.1 calculator https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator).