Information Leakage in Micro Focus NetIQ Self Service Password Reset Software
CVE-2019-11648

7.5HIGH

Key Information:

Vendor: Micro Focus
Status: Micro Focus Netiq Self Service Password Reset.
Vendor: CVE Published:; 24 June 2019

🔔 Create Micro Focus Vulnerability Alert

What is CVE-2019-11648?

An information leakage vulnerability exists in Micro Focus NetIQ Self Service Password Reset Software that affects all versions prior to 4.4. This weakness allows malicious actors to exploit the software, potentially exposing sensitive user information. Organizations using affected versions are advised to upgrade to version 4.4 or later to mitigate the risk of sensitive data exposure.

Affected Version(s)

Micro Focus NetIQ Self Service Password Reset. All versions prior to version 4.4

References

https://www.netiq.com/documentation/self-service-password...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2019
Vulnerability Reserved
May 1, 2019