
    8 vulnerabilities found for netiq_self_service_password_reset by microfocus

    CVE-2020-11850 (GCVE-0-2020-11850)

    Vulnerability from nvd – Published: 2024-08-21 12:52 – Updated: 2024-08-21 13:37
    VLAI
    Title
    Cross site scripting vulnerability in Self Service Password Reset
    Summary
    Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset versions before 4.5.0.2 and before 4.4.0.6.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
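    OpenText Self Service Password Reset Affected: 4.5.0.2 , < < (server) — malformed range: the vendor (CNA) record sets "lessThan" to the literal character "<" rather than a version, so read the intended bounds from the summary and the opentext rows below (before 4.5.0.2 and before 4.4.0.6).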
    opentext self_service_password_reset Affected: 0 , < 4.5.0.2 (semver)
    Affected: 0 , < 4.4.0.6 (semver)
        cpe:2.3:a:opentext:self_service_password_reset:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:opentext:self_service_password_reset:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "self_service_password_reset",
                "vendor": "opentext",
                "versions": [
                  {
                    "lessThan": "4.5.0.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  },
                  {
                    "lessThan": "4.4.0.6",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-11850",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-21T13:23:10.987824Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-21T13:37:05.195Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Self Service Password Reset",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThan": "\u003c",
                  "status": "affected",
                  "version": "4.5.0.2",
                  "versionType": "server"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS).\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Self Service Password Reset before 4.5.0.2 and\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e4.4.0.6\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS).\u00a0This issue affects Self Service Password Reset before 4.5.0.2 and\u00a04.4.0.6"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-21T12:52:22.890Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/self-service-password-reset-45/sspr-4502-release-notes/data/sspr-4502-release-notes.html#b149gz5h"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross site scripting vulnerability in Self Service Password Reset",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2020-11850",
        "datePublished": "2024-08-21T12:52:22.890Z",
        "dateReserved": "2020-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-21T13:37:05.195Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11674 (GCVE-0-2019-11674)

    Vulnerability from nvd – Published: 2019-10-22 14:42 – Updated: 2024-08-04 23:03
    VLAI
    Summary
    Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. Invalid certificate validation could be exploited and may result in a man-in-the-middle attack.
    Severity
    No CVSS data available.
    CWE
    • Invalid certificate validation.
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Self Service Password Reset (SSPR) versions prior to 4.4.0.4 Affected: All versions prior to 4.4.0.4.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:03:31.534Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p4/data/release-notes-sspr-44-p4.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Self Service Password Reset (SSPR) versions prior to 4.4.0.4",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 4.4.0.4."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Invalid certificate validation.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:52.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p4/data/release-notes-sspr-44-p4.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2019-11674",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Self Service Password Reset (SSPR) versions prior to 4.4.0.4",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 4.4.0.4."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Invalid certificate validation."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p4/data/release-notes-sspr-44-p4.html",
                  "refsource": "MISC",
                  "url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p4/data/release-notes-sspr-44-p4.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2019-11674",
        "datePublished": "2019-10-22T14:42:32.000Z",
        "dateReserved": "2019-05-01T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:03:31.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11652 (GCVE-0-2019-11652)

    Vulnerability from nvd – Published: 2019-08-14 15:47 – Updated: 2024-08-04 23:03
    VLAI
    Summary
    A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to SSPR version 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate.
    Severity
    No CVSS data available.
    CWE
    • Authorization Bypass
    Assigner
    Impacted products
    Vendor Product Version
    Micro Focus Self Service Password Reset (SSPR) Affected: prior to 4.4.0.3
    Affected: prior to 4.3.0.6
    Affected: prior to 4.2.0.6

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:03:31.549Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p3/data/release-notes-sspr-44-p3.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/self-service-password-reset-43/release-notes-sspr-43-p3/data/release-notes-sspr-43-p3.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/self-service-password-reset-42/release-notes-sspr42-p6/data/release-notes-sspr42-p6.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Self Service Password Reset (SSPR)",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 4.4.0.3"
                },
                {
                  "status": "affected",
                  "version": "prior to 4.3.0.6"
                },
                {
                  "status": "affected",
                  "version": "prior to 4.2.0.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authorization Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:48.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p3/data/release-notes-sspr-44-p3.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.netiq.com/documentation/self-service-password-reset-43/release-notes-sspr-43-p3/data/release-notes-sspr-43-p3.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.netiq.com/documentation/self-service-password-reset-42/release-notes-sspr42-p6/data/release-notes-sspr42-p6.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2019-11652",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Self Service Password Reset (SSPR)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 4.4.0.3"
                              },
                              {
                                "version_value": "prior to 4.3.0.6"
                              },
                              {
                                "version_value": "prior to 4.2.0.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authorization Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p3/data/release-notes-sspr-44-p3.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p3/data/release-notes-sspr-44-p3.html"
                },
                {
                  "name": "https://www.netiq.com/documentation/self-service-password-reset-43/release-notes-sspr-43-p3/data/release-notes-sspr-43-p3.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.netiq.com/documentation/self-service-password-reset-43/release-notes-sspr-43-p3/data/release-notes-sspr-43-p3.html"
                },
                {
                  "name": "https://www.netiq.com/documentation/self-service-password-reset-42/release-notes-sspr42-p6/data/release-notes-sspr42-p6.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.netiq.com/documentation/self-service-password-reset-42/release-notes-sspr42-p6/data/release-notes-sspr42-p6.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2019-11652",
        "datePublished": "2019-08-14T15:47:44.000Z",
        "dateReserved": "2019-05-01T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:03:31.549Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11647 (GCVE-0-2019-11647)

    Vulnerability from nvd – Published: 2019-06-24 15:27 – Updated: 2024-08-04 23:03
    VLAI
    Summary
    A potential XSS exists in Micro Focus NetIQ Self Service Password Reset, in all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    Micro Focus Micro Focus NetIQ Self Service Password Reset. Affected: All versions prior to version 4.4
    Date Public
    2019-06-23 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:03:31.141Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Micro Focus NetIQ Self Service Password Reset.",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 4.4"
                }
              ]
            }
          ],
          "datePublic": "2019-06-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:55.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2019-11647",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Micro Focus NetIQ Self Service Password Reset.",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 4.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2019-11647",
        "datePublished": "2019-06-24T15:27:01.000Z",
        "dateReserved": "2019-05-01T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:03:31.141Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11850 (GCVE-0-2020-11850)

    Vulnerability from cvelistv5 – Published: 2024-08-21 12:52 – Updated: 2024-08-21 13:37
    VLAI
    Title
    Cross site scripting vulnerability in Self Service Password Reset
    Summary
    Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset versions before 4.5.0.2 and before 4.4.0.6.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
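    OpenText Self Service Password Reset Affected: 4.5.0.2 , < < (server) — malformed range: the vendor (CNA) record sets "lessThan" to the literal character "<" rather than a version, so read the intended bounds from the summary and the opentext rows below (before 4.5.0.2 and before 4.4.0.6).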
    opentext self_service_password_reset Affected: 0 , < 4.5.0.2 (semver)
    Affected: 0 , < 4.4.0.6 (semver)
        cpe:2.3:a:opentext:self_service_password_reset:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:opentext:self_service_password_reset:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "self_service_password_reset",
                "vendor": "opentext",
                "versions": [
                  {
                    "lessThan": "4.5.0.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  },
                  {
                    "lessThan": "4.4.0.6",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-11850",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-21T13:23:10.987824Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-21T13:37:05.195Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Self Service Password Reset",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThan": "\u003c",
                  "status": "affected",
                  "version": "4.5.0.2",
                  "versionType": "server"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS).\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Self Service Password Reset before 4.5.0.2 and\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e4.4.0.6\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS).\u00a0This issue affects Self Service Password Reset before 4.5.0.2 and\u00a04.4.0.6"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-21T12:52:22.890Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/self-service-password-reset-45/sspr-4502-release-notes/data/sspr-4502-release-notes.html#b149gz5h"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross site scripting vulnerability in Self Service Password Reset",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2020-11850",
        "datePublished": "2024-08-21T12:52:22.890Z",
        "dateReserved": "2020-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-21T13:37:05.195Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11674 (GCVE-0-2019-11674)

    Vulnerability from cvelistv5 – Published: 2019-10-22 14:42 – Updated: 2024-08-04 23:03
    Summary
    Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability stems from invalid certificate validation and may result in a man-in-the-middle attack.
    Severity
    No CVSS data available.
    CWE
    • Invalid certificate validation.
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Self Service Password Reset (SSPR) versions prior to 4.4.0.4 Affected: All versions prior to 4.4.0.4.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:03:31.534Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p4/data/release-notes-sspr-44-p4.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Self Service Password Reset (SSPR) versions prior to 4.4.0.4",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 4.4.0.4."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Invalid certificate validation.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:52.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p4/data/release-notes-sspr-44-p4.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2019-11674",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Self Service Password Reset (SSPR) versions prior to 4.4.0.4",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 4.4.0.4."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Invalid certificate validation."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p4/data/release-notes-sspr-44-p4.html",
                  "refsource": "MISC",
                  "url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p4/data/release-notes-sspr-44-p4.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2019-11674",
        "datePublished": "2019-10-22T14:42:32.000Z",
        "dateReserved": "2019-05-01T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:03:31.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11652 (GCVE-0-2019-11652)

    Vulnerability from cvelistv5 – Published: 2019-08-14 15:47 – Updated: 2024-08-04 23:03
    Summary
    A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) version 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate.
    Severity
    No CVSS data available.
    CWE
    • Authorization Bypass
    Assigner
    Impacted products
    Vendor Product Version
    Micro Focus Self Service Password Reset (SSPR) Affected: prior to 4.4.0.3
    Affected: prior to 4.3.0.6
    Affected: prior to 4.2.0.6

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:03:31.549Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p3/data/release-notes-sspr-44-p3.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/self-service-password-reset-43/release-notes-sspr-43-p3/data/release-notes-sspr-43-p3.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/self-service-password-reset-42/release-notes-sspr42-p6/data/release-notes-sspr42-p6.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Self Service Password Reset (SSPR)",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 4.4.0.3"
                },
                {
                  "status": "affected",
                  "version": "prior to 4.3.0.6"
                },
                {
                  "status": "affected",
                  "version": "prior to 4.2.0.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authorization Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:48.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p3/data/release-notes-sspr-44-p3.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.netiq.com/documentation/self-service-password-reset-43/release-notes-sspr-43-p3/data/release-notes-sspr-43-p3.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.netiq.com/documentation/self-service-password-reset-42/release-notes-sspr42-p6/data/release-notes-sspr42-p6.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2019-11652",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Self Service Password Reset (SSPR)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 4.4.0.3"
                              },
                              {
                                "version_value": "prior to 4.3.0.6"
                              },
                              {
                                "version_value": "prior to 4.2.0.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authorization Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p3/data/release-notes-sspr-44-p3.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p3/data/release-notes-sspr-44-p3.html"
                },
                {
                  "name": "https://www.netiq.com/documentation/self-service-password-reset-43/release-notes-sspr-43-p3/data/release-notes-sspr-43-p3.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.netiq.com/documentation/self-service-password-reset-43/release-notes-sspr-43-p3/data/release-notes-sspr-43-p3.html"
                },
                {
                  "name": "https://www.netiq.com/documentation/self-service-password-reset-42/release-notes-sspr42-p6/data/release-notes-sspr42-p6.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.netiq.com/documentation/self-service-password-reset-42/release-notes-sspr42-p6/data/release-notes-sspr42-p6.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2019-11652",
        "datePublished": "2019-08-14T15:47:44.000Z",
        "dateReserved": "2019-05-01T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:03:31.549Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11647 (GCVE-0-2019-11647)

    Vulnerability from cvelistv5 – Published: 2019-06-24 15:27 – Updated: 2024-08-04 23:03
    Summary
    A potential XSS vulnerability exists in Micro Focus NetIQ Self Service Password Reset, in all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    Micro Focus Micro Focus NetIQ Self Service Password Reset. Affected: All versions prior to version 4.4
    Date Public
    2019-06-23 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:03:31.141Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Micro Focus NetIQ Self Service Password Reset.",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 4.4"
                }
              ]
            }
          ],
          "datePublic": "2019-06-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:55.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2019-11647",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Micro Focus NetIQ Self Service Password Reset.",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 4.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2019-11647",
        "datePublished": "2019-06-24T15:27:01.000Z",
        "dateReserved": "2019-05-01T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:03:31.141Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }