Potential information disclosure vulnerability (CVE-2021-22535)

  • 7025273
  • 14-Sep-2021
  • 14-Sep-2021

Environment

DRA versions prior to 10.1 Patch 1

Situation

A potential unauthorized information security disclosure vulnerability impacts DRA versions noted above.

Potential Security Impact:  Local

Resolution

Update to Directory and Resource Administrator 10.1 Patch 1 (version 10.1.0.1) available from Software Licenses and Downloads (SLD).

Status

Security Alert

Additional Information

CVSS Version 3.1 Metrics

Reference

V3.1 Vector

V3.1 Base Score

CVE-2021-22535

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

4.0

Credit

Micro Focus would like to thank Bill Stewart from CNI (contractor for U.S. Indian Health Service) for responsibly disclosing this vulnerability.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.