Self Service Password Reset
SSPR 3.x up to and including 220.127.116.11
The issue has been assigned CVE-2016-1599.
Apply SSPR 3.3.1 HF2 or later.
Micro Focus Bug 967461.