Cross-Site Scripting Vulnerability (CVE-2021-22528)

  • Document ID:7025259
  • Creation Date:24-Aug-2021
  • Modified Date:24-Aug-2021
    • Micro Focus Products:
      Access Manager (NAM)

Environment

Access Manager versions prior to 4.5.4
Access Manager versions prior to 5.0.1

Situation

A potential cross site scripting (XSS) vulnerability exists in the above listed versions.

Potential Security Impact: Remote Vulnerability

Resolution

Download and apply 5.0 Service Pack 1, available from the Software Licenses and Downloads portal.

Status

Security Alert

Additional Information

Access Manager 5.0.1 Release Notes

CVSS Version 3.1 Metrics

Reference

V3.1 Vector

V3.1 Base Score

CVE-2021-22528

3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H

7.3


Note: Above is basic score vectors only. If there’s a need, optionally you can add also Temporal and Environmental vectors  (see the CVSS 3.1 calculator https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator).

Credit

Special thanks to the researcher community for reporting this to us as part of responsible disclosure, anonymously.