CVE-2021-22506
Published 2021-03-26
Priority P1 (80, high) · CVSS 3.1 score 7.5
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
Flags: KEV, ITW
CISA Known Exploited Vulnerability, due 2021-11-17
Exploited in the wild
EPSS: 25.70% (97.7th percentile)
Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microfocus | access_manager | < 5.0 | 5.0 |
Detection & IOCs (extracted from sources)
- The vulnerability involves a SAML service provider redirection issue: monitor for anomalous or unexpected Assertion Consumer Service (ACS) URL values in SAML authentication requests, particularly those redirecting to external or unregistered endpoints.
- Audit and monitor Micro Focus Access Manager advanced configuration endpoints for unauthorized access or unexpected information-disclosure responses.
- All versions of Micro Focus Access Manager prior to 5.0 are affected; upgrade to 5.0 or later per vendor instructions.
- The vulnerability is triggered via the Assertion Consumer Service URL in SAML SP flows: review and restrict ACS URL configurations to only trusted, registered endpoints.
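The first and last detection points above come down to one check: does the AssertionConsumerServiceURL carried in an inbound AuthnRequest match an ACS URL actually registered for that SP? The script below is an added example written for this page, not code from Micro Focus, CISA or VulnCheck. It decodes the HTTP-Redirect binding (base64 of raw DEFLATE) with a fallback to the HTTP-POST form, pulls the Issuer and ACS attribute out of the request, and classifies the request against an allowlist. The allowlist, the IdP endpoint `https://idp.example.com/sso`, the SP hosts and the three sample requests are all constructed for the example; in a real deployment the allowlist comes from the SP metadata loaded into the IdP, and the input is the request URL from your proxy or access logs.

```python
import base64
import zlib
import xml.etree.ElementTree as ET  # use defusedxml.ElementTree for untrusted input in production
from urllib.parse import parse_qs, quote, urlsplit, urlunsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Hypothetical allowlist (constructed): the ACS URLs registered for trusted SPs.
REGISTERED_ACS = {
    "https://app.example.com/saml/acs",
    "https://hr.example.com/saml/acs",
}


def normalize_url(url):
    """Lower-case scheme and host so case games cannot slip past the allowlist."""
    p = urlsplit(url)
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path, p.query, ""))


def decode_saml_request(value):
    """HTTP-Redirect binding: base64(raw DEFLATE(xml)). HTTP-POST binding: base64(xml)."""
    raw = base64.b64decode(value)
    try:
        return zlib.decompress(raw, -15)  # -15 selects a raw DEFLATE stream (no zlib header)
    except zlib.error:
        return raw


def parse_authn_request(xml_bytes):
    """Return (issuer, acs_url) from a samlp:AuthnRequest; acs_url is None when absent."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("not a samlp:AuthnRequest: %s" % root.tag)
    issuer_el = root.find("{%s}Issuer" % SAML)
    issuer = issuer_el.text.strip() if issuer_el is not None and issuer_el.text else None
    return issuer, root.attrib.get("AssertionConsumerServiceURL")


def classify_sso_request(url, allowlist=REGISTERED_ACS):
    """Classify one IdP SSO request URL as seen in a proxy or access log."""
    qs = parse_qs(urlsplit(url).query)
    if "SAMLRequest" not in qs:
        return {"verdict": "no_saml_request"}
    try:
        issuer, acs = parse_authn_request(decode_saml_request(qs["SAMLRequest"][0]))
    except (ValueError, ET.ParseError) as exc:
        return {"verdict": "parse_error", "detail": str(exc)}
    if acs is None:
        # The SP left ACS selection to its registered metadata: the benign common case.
        return {"verdict": "ok_metadata_acs", "issuer": issuer}
    if normalize_url(acs) in {normalize_url(a) for a in allowlist}:
        return {"verdict": "ok", "issuer": issuer, "acs": acs}
    # ACS points somewhere the IdP never registered: the signal the KEV entry describes.
    return {"verdict": "alert_unregistered_acs", "issuer": issuer, "acs": acs}


def build_authn_request(issuer, acs=None):
    """Minimal constructed AuthnRequest used only to build the samples below."""
    acs_attr = ' AssertionConsumerServiceURL="%s"' % acs if acs else ""
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_r1" '
        f'Version="2.0" IssueInstant="2021-03-26T00:00:00Z"{acs_attr}>'
        f"<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>"
    )


def make_sso_url(xml_text, idp="https://idp.example.com/sso"):
    """Encode per HTTP-Redirect binding (deflate, base64, urlencode); idp endpoint is hypothetical."""
    co = zlib.compressobj(wbits=-15)
    data = co.compress(xml_text.encode()) + co.flush()
    return "%s?SAMLRequest=%s" % (idp, quote(base64.b64encode(data).decode(), safe=""))


# Constructed samples: a registered SP, an SP steering ACS to an external host, and one without ACS.
SAMPLE_URLS = {
    "legit": make_sso_url(build_authn_request("https://app.example.com", "https://app.example.com/saml/acs")),
    "rogue": make_sso_url(build_authn_request("https://app.example.com", "https://collector.attacker.example/acs")),
    "no_acs": make_sso_url(build_authn_request("https://hr.example.com")),
}

if __name__ == "__main__":
    for name, url in SAMPLE_URLS.items():
        print(name, classify_sso_request(url))
```

Run it over the SAMLRequest parameters in your IdP access logs; only `alert_unregistered_acs` needs a human, and the `issuer` field tells you which SP registration the rogue ACS was paired with. A request with no ACS attribute is normal, since many SPs rely on the ACS recorded in their metadata, so the check does not alert on it.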
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vulncheck | | 7.5 | HIGH | |
| cisa | | 7.5 | HIGH | |
GHSA
GHSA-c5q3-mm7r-f42w (ghsa_unreviewed · 2022-05-24) · CVE-2021-22506 [HIGH] · CWE-200
Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.
VulnCheck
Micro Focus Access Manager Information Leakage Vulnerability (vulncheck · 2021 · CVE-2021-22506 [HIGH] · CVSS 7.5)
Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used.
Affected: Micro Focus Access Manager
Required Action: Apply updates per vendor instructions.
Exploitation References:
- https://blogs.juniper.net/en-us/security/freshly-disclosed-vulnerability-cve-2021-20090-exploited-in-the-wild
- https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2021-11-17
CISA
Micro Focus Access Manager Information Leakage Vulnerability (cisa · 2021-11-03 · CVE-2021-22506 [HIGH] · CVSS 7.5)
Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used.
Affected: Micro Focus Access Manager
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-22506
Remediation Due Date: 2021-11-17
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22506
Timeline
2021-03-26: Published
2021-11-03: Added to CISA KEV (exploited in the wild)