CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2019-11674
https://notcve.org/view.php?id=CVE-2019-11674
Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack. Vulnerabilidad de tipo man-in-the-middle en Micro Focus Self Service Password Reset, afectando a todas las versiones anteriores a 4.4.0.4. La vulnerabilidad podría explotar una comprobación de certificados no válidos y puede resultar en un ataque de tipo man-in-the-middle. • https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p4/data/release-notes-sspr-44-p4.html • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-11652
https://notcve.org/view.php?id=CVE-2019-11652
A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate. Se encontró un problema potencial de omisión de autorización en Micro Focus Self Service Password Reset (SSPR), versiones anteriores a: 4.4.0.3, 4.3.0.6 y 4.2.0.6. Actualización para Micro Focus Self Service Password Reset (SSPR) versiones de SSPR 4.4.0.3, 4.3.0.6 o 4.2.0.6 según corresponda. • https://www.netiq.com/documentation/self-service-password-reset-42/release-notes-sspr42-p6/data/release-notes-sspr42-p6.html https://www.netiq.com/documentation/self-service-password-reset-43/release-notes-sspr-43-p3/data/release-notes-sspr-43-p3.html https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p3/data/release-notes-sspr-44-p3.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11647
https://notcve.org/view.php?id=CVE-2019-11647
A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack. Se presenta un problema de tipo XSS potencial en Self Service Password Reset, en el software Micro Focus NetIQ en todas las versiones anteriores a la versión 4.4. La vulnerabilidad podría ser explotada para habilitar un ataque XSS. • https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •