8 vulnerabilities found for netiq_self_service_password_reset by microfocus
CVE-2020-11850 (GCVE-0-2020-11850)
Vulnerability from nvd – Published: 2024-08-21 12:52 – Updated: 2024-08-21 13:37
VLAI
Title
Cross site scripting vulnerability in Self Service Password Reset
Summary
Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset versions before 4.5.0.2 and before 4.4.0.6.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
2 products
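| Vendor | Product | Version | |
|---|---|---|---|
| OpenText | Self Service Password Reset | Affected: 4.5.0.2 , < < (server) | |
| opentext | self_service_password_reset | Affected: 0 , < 4.5.0.2 (semver); Affected: 0 , < 4.4.0.6 (semver) | cpe:2.3:a:opentext:self_service_password_reset:*:*:*:*:*:*:*:* |

Note: in the first row the upper bound is the literal character "<" (the CNA record's `lessThan` field holds "<" instead of a version), so that range cannot be matched by tooling as written; the intended bounds are those stated in the summary and in the second row. Both ranges in the second row start at 0, so a 4.4.x build at or above 4.4.0.6 still falls under "< 4.5.0.2"; confirm the status of such builds against the vendor release notes.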
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:opentext:self_service_password_reset:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "self_service_password_reset",
"vendor": "opentext",
"versions": [
{
"lessThan": "4.5.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "4.4.0.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-11850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T13:23:10.987824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T13:37:05.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Self Service Password Reset",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c",
"status": "affected",
"version": "4.5.0.2",
"versionType": "server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS).\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Self Service Password Reset before 4.5.0.2 and\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e4.4.0.6\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS).\u00a0This issue affects Self Service Password Reset before 4.5.0.2 and\u00a04.4.0.6"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T12:52:22.890Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/self-service-password-reset-45/sspr-4502-release-notes/data/sspr-4502-release-notes.html#b149gz5h"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross site scripting vulnerability in Self Service Password Reset",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2020-11850",
"datePublished": "2024-08-21T12:52:22.890Z",
"dateReserved": "2020-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-21T13:37:05.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11674 (GCVE-0-2019-11674)
Vulnerability from nvd – Published: 2019-10-22 14:42 – Updated: 2024-08-04 23:03
VLAI
Summary
Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. Invalid certificate validation could be exploited and may result in a man-in-the-middle attack.
Severity
No CVSS data available.
CWE
- Invalid certificate validation.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p4/data/release-notes-sspr-44-p4.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Self Service Password Reset (SSPR) versions prior to 4.4.0.4 | Affected: All versions prior to 4.4.0.4. | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:31.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p4/data/release-notes-sspr-44-p4.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Self Service Password Reset (SSPR) versions prior to 4.4.0.4",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to 4.4.0.4."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Invalid certificate validation.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:52.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p4/data/release-notes-sspr-44-p4.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Self Service Password Reset (SSPR) versions prior to 4.4.0.4",
"version": {
"version_data": [
{
"version_value": "All versions prior to 4.4.0.4."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Invalid certificate validation."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p4/data/release-notes-sspr-44-p4.html",
"refsource": "MISC",
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p4/data/release-notes-sspr-44-p4.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11674",
"datePublished": "2019-10-22T14:42:32.000Z",
"dateReserved": "2019-05-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:03:31.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11652 (GCVE-0-2019-11652)
Vulnerability from nvd – Published: 2019-08-14 15:47 – Updated: 2024-08-04 23:03
VLAI
Summary
A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) version 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate.
Severity
No CVSS data available.
CWE
- Authorization Bypass
Assigner
References
3 references
| URL | Tags |
|---|---|
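| https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p3/data/release-notes-sspr-44-p3.html | x_refsource_CONFIRM |
| https://www.netiq.com/documentation/self-service-password-reset-43/release-notes-sspr-43-p3/data/release-notes-sspr-43-p3.html | x_refsource_CONFIRM |
| https://www.netiq.com/documentation/self-service-password-reset-42/release-notes-sspr42-p6/data/release-notes-sspr42-p6.html | x_refsource_CONFIRM |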
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus | Self Service Password Reset (SSPR) | Affected: prior to 4.4.0.3; Affected: prior to 4.3.0.6; Affected: prior to 4.2.0.6 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:31.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p3/data/release-notes-sspr-44-p3.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-43/release-notes-sspr-43-p3/data/release-notes-sspr-43-p3.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-42/release-notes-sspr42-p6/data/release-notes-sspr42-p6.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Self Service Password Reset (SSPR)",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "prior to 4.4.0.3"
},
{
"status": "affected",
"version": "prior to 4.3.0.6"
},
{
"status": "affected",
"version": "prior to 4.2.0.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authorization Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:48.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p3/data/release-notes-sspr-44-p3.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-43/release-notes-sspr-43-p3/data/release-notes-sspr-43-p3.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-42/release-notes-sspr42-p6/data/release-notes-sspr42-p6.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Self Service Password Reset (SSPR)",
"version": {
"version_data": [
{
"version_value": "prior to 4.4.0.3"
},
{
"version_value": "prior to 4.3.0.6"
},
{
"version_value": "prior to 4.2.0.6"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p3/data/release-notes-sspr-44-p3.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p3/data/release-notes-sspr-44-p3.html"
},
{
"name": "https://www.netiq.com/documentation/self-service-password-reset-43/release-notes-sspr-43-p3/data/release-notes-sspr-43-p3.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/self-service-password-reset-43/release-notes-sspr-43-p3/data/release-notes-sspr-43-p3.html"
},
{
"name": "https://www.netiq.com/documentation/self-service-password-reset-42/release-notes-sspr42-p6/data/release-notes-sspr42-p6.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/self-service-password-reset-42/release-notes-sspr42-p6/data/release-notes-sspr42-p6.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11652",
"datePublished": "2019-08-14T15:47:44.000Z",
"dateReserved": "2019-05-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:03:31.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11647 (GCVE-0-2019-11647)
Vulnerability from nvd – Published: 2019-06-24 15:27 – Updated: 2024-08-04 23:03
VLAI
Summary
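A potential cross-site scripting (XSS) issue exists in Micro Focus NetIQ Self Service Password Reset, in all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack. Note: the linked vendor reference is the release-notes file named release-notes-sspr-44-p2, so the exact fixed build is best confirmed there.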
Severity
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus | Micro Focus NetIQ Self Service Password Reset. | Affected: All versions prior to version 4.4 | |
Date Public
2019-06-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:31.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus NetIQ Self Service Password Reset.",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.4"
}
]
}
],
"datePublic": "2019-06-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:55.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus NetIQ Self Service Password Reset.",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11647",
"datePublished": "2019-06-24T15:27:01.000Z",
"dateReserved": "2019-05-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:03:31.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11850 (GCVE-0-2020-11850)
Vulnerability from cvelistv5 – Published: 2024-08-21 12:52 – Updated: 2024-08-21 13:37
VLAI
Title
Cross site scripting vulnerability in Self Service Password Reset
Summary
Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset versions before 4.5.0.2 and before 4.4.0.6.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
2 products
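| Vendor | Product | Version | |
|---|---|---|---|
| OpenText | Self Service Password Reset | Affected: 4.5.0.2 , < < (server) | |
| opentext | self_service_password_reset | Affected: 0 , < 4.5.0.2 (semver); Affected: 0 , < 4.4.0.6 (semver) | cpe:2.3:a:opentext:self_service_password_reset:*:*:*:*:*:*:*:* |

Note: in the first row the upper bound is the literal character "<" (the CNA record's `lessThan` field holds "<" instead of a version), so that range cannot be matched by tooling as written; the intended bounds are those stated in the summary and in the second row. Both ranges in the second row start at 0, so a 4.4.x build at or above 4.4.0.6 still falls under "< 4.5.0.2"; confirm the status of such builds against the vendor release notes.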
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:opentext:self_service_password_reset:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "self_service_password_reset",
"vendor": "opentext",
"versions": [
{
"lessThan": "4.5.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "4.4.0.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-11850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T13:23:10.987824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T13:37:05.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Self Service Password Reset",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c",
"status": "affected",
"version": "4.5.0.2",
"versionType": "server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS).\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Self Service Password Reset before 4.5.0.2 and\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e4.4.0.6\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS).\u00a0This issue affects Self Service Password Reset before 4.5.0.2 and\u00a04.4.0.6"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T12:52:22.890Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/self-service-password-reset-45/sspr-4502-release-notes/data/sspr-4502-release-notes.html#b149gz5h"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross site scripting vulnerability in Self Service Password Reset",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2020-11850",
"datePublished": "2024-08-21T12:52:22.890Z",
"dateReserved": "2020-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-21T13:37:05.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11674 (GCVE-0-2019-11674)
Vulnerability from cvelistv5 – Published: 2019-10-22 14:42 – Updated: 2024-08-04 23:03
VLAI
Summary
Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. Invalid certificate validation could be exploited and may result in a man-in-the-middle attack.
Severity
No CVSS data available.
CWE
- Invalid certificate validation.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p4/data/release-notes-sspr-44-p4.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Self Service Password Reset (SSPR) versions prior to 4.4.0.4 | Affected: All versions prior to 4.4.0.4. | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:31.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p4/data/release-notes-sspr-44-p4.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Self Service Password Reset (SSPR) versions prior to 4.4.0.4",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to 4.4.0.4."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Invalid certificate validation.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:52.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p4/data/release-notes-sspr-44-p4.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Self Service Password Reset (SSPR) versions prior to 4.4.0.4",
"version": {
"version_data": [
{
"version_value": "All versions prior to 4.4.0.4."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Invalid certificate validation."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p4/data/release-notes-sspr-44-p4.html",
"refsource": "MISC",
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p4/data/release-notes-sspr-44-p4.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11674",
"datePublished": "2019-10-22T14:42:32.000Z",
"dateReserved": "2019-05-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:03:31.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11652 (GCVE-0-2019-11652)
Vulnerability from cvelistv5 – Published: 2019-08-14 15:47 – Updated: 2024-08-04 23:03
VLAI
Summary
A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) version 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate.
Severity
No CVSS data available.
CWE
- Authorization Bypass
Assigner
References
3 references
| URL | Tags |
|---|---|
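| https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p3/data/release-notes-sspr-44-p3.html | x_refsource_CONFIRM |
| https://www.netiq.com/documentation/self-service-password-reset-43/release-notes-sspr-43-p3/data/release-notes-sspr-43-p3.html | x_refsource_CONFIRM |
| https://www.netiq.com/documentation/self-service-password-reset-42/release-notes-sspr42-p6/data/release-notes-sspr42-p6.html | x_refsource_CONFIRM |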
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus | Self Service Password Reset (SSPR) | Affected: prior to 4.4.0.3; Affected: prior to 4.3.0.6; Affected: prior to 4.2.0.6 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:31.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p3/data/release-notes-sspr-44-p3.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-43/release-notes-sspr-43-p3/data/release-notes-sspr-43-p3.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-42/release-notes-sspr42-p6/data/release-notes-sspr42-p6.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Self Service Password Reset (SSPR)",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "prior to 4.4.0.3"
},
{
"status": "affected",
"version": "prior to 4.3.0.6"
},
{
"status": "affected",
"version": "prior to 4.2.0.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authorization Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:48.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p3/data/release-notes-sspr-44-p3.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-43/release-notes-sspr-43-p3/data/release-notes-sspr-43-p3.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-42/release-notes-sspr42-p6/data/release-notes-sspr42-p6.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Self Service Password Reset (SSPR)",
"version": {
"version_data": [
{
"version_value": "prior to 4.4.0.3"
},
{
"version_value": "prior to 4.3.0.6"
},
{
"version_value": "prior to 4.2.0.6"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p3/data/release-notes-sspr-44-p3.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p3/data/release-notes-sspr-44-p3.html"
},
{
"name": "https://www.netiq.com/documentation/self-service-password-reset-43/release-notes-sspr-43-p3/data/release-notes-sspr-43-p3.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/self-service-password-reset-43/release-notes-sspr-43-p3/data/release-notes-sspr-43-p3.html"
},
{
"name": "https://www.netiq.com/documentation/self-service-password-reset-42/release-notes-sspr42-p6/data/release-notes-sspr42-p6.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/self-service-password-reset-42/release-notes-sspr42-p6/data/release-notes-sspr42-p6.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11652",
"datePublished": "2019-08-14T15:47:44.000Z",
"dateReserved": "2019-05-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:03:31.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11647 (GCVE-0-2019-11647)
Vulnerability from cvelistv5 – Published: 2019-06-24 15:27 – Updated: 2024-08-04 23:03
VLAI
Summary
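A potential cross-site scripting (XSS) issue exists in Micro Focus NetIQ Self Service Password Reset, in all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack. Note: the linked vendor reference is the release-notes file named release-notes-sspr-44-p2, so the exact fixed build is best confirmed there.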
Severity
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus | Micro Focus NetIQ Self Service Password Reset. | Affected: All versions prior to version 4.4 | |
Date Public
2019-06-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:31.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus NetIQ Self Service Password Reset.",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.4"
}
]
}
],
"datePublic": "2019-06-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:55.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus NetIQ Self Service Password Reset.",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11647",
"datePublished": "2019-06-24T15:27:01.000Z",
"dateReserved": "2019-05-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:03:31.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}