CVE-2021-22506

CVSS 7.5 HIGHEPSS 25.7%● KEV

In short

A misconfiguration in Micro Focus Access Manager versions before 5.0 can expose sensitive information to unauthorized users. This happens when advanced settings are not properly secured, allowing attackers to access data they shouldn't.

Technical detail

An improper access control configuration in Micro Focus Access Manager prior to version 5.0 permits information disclosure through exposed advanced configuration settings. The vulnerability requires network access to the affected service; no authentication may be required depending on deployment. Successful exploitation results in unauthorized access to sensitive data handled by the access management system.

Summary generated and translated by AI from the official description.

Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

n/a · Access Manager.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22506 https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html