Search
Find a vulnerability
Search criteria
4 vulnerabilities found for self_service_password_reset by microfocus
CVE-2020-25837 (GCVE-0-2020-25837)
Vulnerability from nvd – Published: 2020-11-05 20:21 – Updated: 2024-08-04 15:40
VLAI
Summary
Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information.
Severity
No CVSS data available.
CWE
- information leakage
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.netiq.com/documentation/self-service-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Micro Focus Self Service Password Reset (SSPR) |
Affected:
4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p7/data/release-notes-sspr-44-p7.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus Self Service Password Reset (SSPR)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:55.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p7/data/release-notes-sspr-44-p7.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-25837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus Self Service Password Reset (SSPR)",
"version": {
"version_data": [
{
"version_value": "4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p7/data/release-notes-sspr-44-p7.html",
"refsource": "MISC",
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p7/data/release-notes-sspr-44-p7.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-25837",
"datePublished": "2020-11-05T20:21:03.000Z",
"dateReserved": "2020-09-23T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:40:36.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1599 (GCVE-0-2016-1599)
Vulnerability from nvd – Published: 2016-03-24 01:00 – Updated: 2024-08-05 23:02
VLAI
Summary
Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/96837 | vdb-entryx_refsource_BID |
| https://www.netiq.com/support/kb/doc.php?id=7017399 | x_refsource_CONFIRM |
| https://bugzilla.netiq.com/show_bug.cgi?id=967461 | x_refsource_CONFIRM |
Date Public
2016-03-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:11.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96837",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96837"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7017399"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.netiq.com/show_bug.cgi?id=967461"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:38.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "96837",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96837"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7017399"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.netiq.com/show_bug.cgi?id=967461"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-1599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96837"
},
{
"name": "https://www.netiq.com/support/kb/doc.php?id=7017399",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/support/kb/doc.php?id=7017399"
},
{
"name": "https://bugzilla.netiq.com/show_bug.cgi?id=967461",
"refsource": "CONFIRM",
"url": "https://bugzilla.netiq.com/show_bug.cgi?id=967461"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-1599",
"datePublished": "2016-03-24T01:00:00.000Z",
"dateReserved": "2016-01-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:02:11.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25837 (GCVE-0-2020-25837)
Vulnerability from cvelistv5 – Published: 2020-11-05 20:21 – Updated: 2024-08-04 15:40
VLAI
Summary
Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information.
Severity
No CVSS data available.
CWE
- information leakage
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.netiq.com/documentation/self-service-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Micro Focus Self Service Password Reset (SSPR) |
Affected:
4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p7/data/release-notes-sspr-44-p7.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus Self Service Password Reset (SSPR)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:55.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p7/data/release-notes-sspr-44-p7.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-25837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus Self Service Password Reset (SSPR)",
"version": {
"version_data": [
{
"version_value": "4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p7/data/release-notes-sspr-44-p7.html",
"refsource": "MISC",
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p7/data/release-notes-sspr-44-p7.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-25837",
"datePublished": "2020-11-05T20:21:03.000Z",
"dateReserved": "2020-09-23T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:40:36.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1599 (GCVE-0-2016-1599)
Vulnerability from cvelistv5 – Published: 2016-03-24 01:00 – Updated: 2024-08-05 23:02
VLAI
Summary
Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/96837 | vdb-entryx_refsource_BID |
| https://www.netiq.com/support/kb/doc.php?id=7017399 | x_refsource_CONFIRM |
| https://bugzilla.netiq.com/show_bug.cgi?id=967461 | x_refsource_CONFIRM |
Date Public
2016-03-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:11.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96837",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96837"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7017399"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.netiq.com/show_bug.cgi?id=967461"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:38.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "96837",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96837"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7017399"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.netiq.com/show_bug.cgi?id=967461"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-1599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96837"
},
{
"name": "https://www.netiq.com/support/kb/doc.php?id=7017399",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/support/kb/doc.php?id=7017399"
},
{
"name": "https://bugzilla.netiq.com/show_bug.cgi?id=967461",
"refsource": "CONFIRM",
"url": "https://bugzilla.netiq.com/show_bug.cgi?id=967461"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-1599",
"datePublished": "2016-03-24T01:00:00.000Z",
"dateReserved": "2016-01-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:02:11.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}