Authorization Bypass Vulnerability in Micro Focus Self Service Password Reset
CVE-2019-11652

9.8 CRITICAL

Key Information:

Vendor
CVE Published: 14 August 2019

What is CVE-2019-11652?

An authorization bypass vulnerability in Micro Focus Self Service Password Reset (SSPR) may allow unauthorized access to user accounts, potentially compromising sensitive user data and access. The issue affects versions prior to 4.4.0.3, 4.3.0.6, and 4.2.0.6. Users should upgrade to the latest SSPR versions to mitigate this risk.

Affected Version(s)

Self Service Password Reset (SSPR) prior to 4.4.0.3

Self Service Password Reset (SSPR) prior to 4.3.0.6

Self Service Password Reset (SSPR) prior to 4.2.0.6

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved