CVE-2021-22506

Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0....

Basic Information

CVE State: PUBLISHED
Reserved Date: January 05, 2021
Published Date: March 26, 2021
Last Updated: February 06, 2025
Vendor: n/a
Product: Access Manager.
Description: Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.
Tags

CVSS Scores

CVSS v3.1

7.5 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2.0

5.0

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2021-11-03 00:00:00 UTC) Source

References

https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html

Known Exploited Vulnerability Information

Source	Added Date
CISA	2021-11-03 00:00:00 UTC

Timeline

CVE ID Reserved

January 05, 2021
CVE Published to Public

March 26, 2021
Added to KEVIntel

November 03, 2021