Security Vulnerability in SSPR 4.2, 4.3, and 4.4

  • 7024094
  • 28-Aug-2019
  • 28-Aug-2019

Environment

Self Service Password Reset
SSPR 4.2.x 
SSPR 4.3.x
SSPR 4.4.x

Situation

A potential authorization bypass issue was found in the following SSPR versions: 
SSPR 4.2 patch update 5 and earlier
SSPR 4.3 patch update 5 and earlier
SSPR 4.4 patch update 2 and earlier

CVE-2019-11652.

Resolution

Update SSPR to 4.2.0.6, 4.3.0.6, or 4.4.0.3 or newer.

Status

Security Alert