The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01 | Mitigation Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2021-12-09T00:00:00
Updated: 2021-12-15T18:05:16
Reserved: 2021-11-16T00:00:00
Link: CVE-2021-43935
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-12-15T19:15:15.873
Modified: 2022-07-25T10:39:49.333
Link: CVE-2021-43935
JSON object: View
Redhat Information
No data.