CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25837
https://notcve.org/view.php?id=CVE-2020-25837
Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information. Vulnerabilidad de divulgación de información confidencial en el producto Micro Focus Self Service Password Reset (SSPR). La vulnerabilidad afecta a las versiones 4.4.0.0 hasta 4.4.0.6 y 4.5.0.1 y 4.5.0.2. • https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p7/data/release-notes-sspr-44-p7.html •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2019-11674
https://notcve.org/view.php?id=CVE-2019-11674
Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack. Vulnerabilidad de tipo man-in-the-middle en Micro Focus Self Service Password Reset, afectando a todas las versiones anteriores a 4.4.0.4. La vulnerabilidad podría explotar una comprobación de certificados no válidos y puede resultar en un ataque de tipo man-in-the-middle. • https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p4/data/release-notes-sspr-44-p4.html • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-11652
https://notcve.org/view.php?id=CVE-2019-11652
A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate. Se encontró un problema potencial de omisión de autorización en Micro Focus Self Service Password Reset (SSPR), versiones anteriores a: 4.4.0.3, 4.3.0.6 y 4.2.0.6. Actualización para Micro Focus Self Service Password Reset (SSPR) versiones de SSPR 4.4.0.3, 4.3.0.6 o 4.2.0.6 según corresponda. • https://www.netiq.com/documentation/self-service-password-reset-42/release-notes-sspr42-p6/data/release-notes-sspr42-p6.html https://www.netiq.com/documentation/self-service-password-reset-43/release-notes-sspr-43-p3/data/release-notes-sspr-43-p3.html https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p3/data/release-notes-sspr-44-p3.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11647
https://notcve.org/view.php?id=CVE-2019-11647
A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack. Se presenta un problema de tipo XSS potencial en Self Service Password Reset, en el software Micro Focus NetIQ en todas las versiones anteriores a la versión 4.4. La vulnerabilidad podría ser explotada para habilitar un ataque XSS. • https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2016-1599
https://notcve.org/view.php?id=CVE-2016-1599
Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en NetIQ Self Service Password Reset (SSPR) 2.x y 3.x en versiones anteriores a 3.3.1 HF2 permite a atacantes remotos inyectar texto web arbitrario o HTML a través de una URL manipulada. • http://www.securityfocus.com/bid/96837 https://bugzilla.netiq.com/show_bug.cgi?id=967461 https://www.netiq.com/support/kb/doc.php?id=7017399 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •