CVE-2021-22503

5.4 MEDIUM

📋 TL;DR

This is a cross-site scripting (XSS) vulnerability in OpenText eDirectory that allows attackers to inject malicious scripts into web pages. It affects eDirectory 9.2.3.0000 installations with web interfaces. Attackers could execute arbitrary JavaScript in the context of users' browsers.

💻 Affected Systems

Products:
  • OpenText eDirectory
Versions: 9.2.3.0000
Operating Systems: All platforms running eDirectory
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations with web management interfaces enabled. Console/CLI access is not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware on user systems.

🟠 Likely Case

Session hijacking, credential theft, or defacement of eDirectory web interface pages.

🟢 If Mitigated

Limited impact if proper input validation and output encoding are implemented, or if the web interface is not exposed.

🌐 Internet-Facing: HIGH - Web applications with XSS vulnerabilities exposed to the internet are prime targets for automated attacks.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

XSS vulnerabilities typically have low exploitation complexity. The advisory suggests authentication is required, but this could be combined with other vulnerabilities.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.2.4 or later

Vendor Advisory: https://www.netiq.com/documentation/edirectory-92/edirectory924_releasenotes/data/edirectory924_releasenotes.html

Restart Required: Yes

Instructions:

1. Download eDirectory 9.2.4 or later from the OpenText support portal.
2. Back up the current configuration and data.
3. Run the installer/upgrade package.
4. Restart eDirectory services.

🔧 Temporary Workarounds

Disable Web Interface (Platform: all)

Temporarily disable the eDirectory web management interface if it is not required.

# Stop web service or disable in configuration

Implement WAF Rules (Platform: all)

Configure a web application firewall to block XSS payloads.

🧯 If You Can't Patch

  • Implement strict Content Security Policy (CSP) headers
  • Restrict network access to eDirectory web interface using firewall rules

🔍 How to Verify

Check if Vulnerable:

Check eDirectory version via administration console or command: ndsconfig get | grep Version

Check Version:

ndsconfig get | grep 'Version'

Verify Fix Applied:

Verify that the installed version is 9.2.4 or later and test the web interface with XSS payloads to confirm they are encoded rather than executed.

📡 Detection & Monitoring

Log Indicators:

  • Unusually long parameter values in web logs
  • JavaScript patterns in URL parameters
  • Multiple failed authentication attempts followed by successful ones

Network Indicators:

  • HTTP requests with script tags in parameters
  • Unusual outbound connections from eDirectory server

SIEM Query:

web_logs WHERE url CONTAINS '<script' OR url CONTAINS 'javascript:' OR parameter_length > 1000
