Self Service Password Reset
SSPR 3.x up to and including 22.214.171.124
The issue has been assigned CVE-2016-1599.
Apply SSPR 3.3.1 HF2 or later.
Micro Focus Bug 967461.