CVE-2019-11674
https://notcve.org/view.php?id=CVE-2019-11674
Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack. Vulnerabilidad de tipo man-in-the-middle en Micro Focus Self Service Password Reset, afectando a todas las versiones anteriores a 4.4.0.4. La vulnerabilidad podría explotar una comprobación de certificados no válidos y puede resultar en un ataque de tipo man-in-the-middle. • https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p4/data/release-notes-sspr-44-p4.html • CWE-295: Improper Certificate Validation •
CVE-2019-11652
https://notcve.org/view.php?id=CVE-2019-11652
A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate. Se encontró un problema potencial de omisión de autorización en Micro Focus Self Service Password Reset (SSPR), versiones anteriores a: 4.4.0.3, 4.3.0.6 y 4.2.0.6. Actualización para Micro Focus Self Service Password Reset (SSPR) versiones de SSPR 4.4.0.3, 4.3.0.6 o 4.2.0.6 según corresponda. • https://www.netiq.com/documentation/self-service-password-reset-42/release-notes-sspr42-p6/data/release-notes-sspr42-p6.html https://www.netiq.com/documentation/self-service-password-reset-43/release-notes-sspr-43-p3/data/release-notes-sspr-43-p3.html https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p3/data/release-notes-sspr-44-p3.html •