Security Vulnerability in SSPR 4.2, 4.3, and 4.4

  • 7024094
  • 28-Aug-2019
  • 28-Aug-2019

Environment

Self Service Password Reset
SSPR 4.2.x 
SPR 4.3.x 
SSPR 4.4.x

Situation

A potential authorization bypass issue was found in the following SSPR versions: 
SSPR 4.2 patch update 5 and earlier
SPR 4.3 patch update 5 and earlier
SSPR 4.4 patch update 2 and earler

CVE-2019-11652.

Resolution

Update SSPR to 4.2.0.6, 4.3.0.6, or 4.4.0.3 or newer.

Status

Security Alert

Feedback service temporarily unavailable. For content questions or problems, please contact Support.