{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-38120","assignerOrgId":"f81092c5-7f14-476d-80dc-24857f90be84","state":"PUBLISHED","assignerShortName":"OpenText","dateReserved":"2021-08-04T20:57:01.489Z","datePublished":"2024-08-28T06:28:55.684Z","dateUpdated":"2024-08-28T13:32:17.979Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Linux"],"product":"NetIQ Advance Authentication","vendor":"OpenText","versions":[{"lessThan":"<","status":"affected","version":"6.3.5.1","versionType":"server"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A vulnerability was identified in Advance Authentication that allows Bash command injection in the administrator-controlled backup functionality due to improper handling of <i>provided&nbsp;</i>command parameters. <span style=\"background-color: var(--wht);\">This issue affects NetIQ Advance Authentication versions before 6.3.5.1.</span>"}],"value":"A vulnerability was identified in Advance Authentication that allows Bash command injection in the administrator-controlled backup functionality due to improper handling of provided command parameters. This issue affects NetIQ Advance Authentication versions before 6.3.5.1."}],"impacts":[{"capecId":"CAPEC-253","descriptions":[{"lang":"en","value":"CAPEC-253 Remote Code Inclusion"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"LOW","baseScore":5.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-77","description":"CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"f81092c5-7f14-476d-80dc-24857f90be84","shortName":"OpenText","dateUpdated":"2024-08-28T06:28:55.684Z"},"references":[{"url":"https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html"}],"source":{"discovery":"UNKNOWN"},"title":"Remote Code Execution using Bash command Injection in backup scheduling functionality in NetIQ Advance Authentication","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-28T13:19:09.339664Z","id":"CVE-2021-38120","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-28T13:32:17.979Z"}}]}}