Potential information disclosure vulnerability (CVE-2021-22535)

  • Document ID:7025273
  • Creation Date:14-Sep-2021
  • Modified Date:14-Sep-2021
    • Micro Focus Products:
      Directory and Resource Administrator

Environment

DRA versions prior to 10.1 Patch 1

Situation

A potential unauthorized information security disclosure vulnerability impacts DRA versions noted above.

Potential Security Impact:  Local

Resolution

Update to Directory and Resource Administrator 10.1 Patch 1 (version 10.1.0.1) available from Software Licenses and Downloads (SLD).

Status

Security Alert

Additional Information

CVSS Version 3.1 Metrics

Reference

V3.1 Vector

V3.1 Base Score

CVE-2021-22535

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

4.0

Credit

Micro Focus would like to thank Bill Stewart from CNI (contractor for U.S. Indian Health Service) for responsibly disclosing this vulnerability.