PT-2019-12472 · Micro Focus · Micro Focus Self Service Password Reset

Published

2019-10-22

Updated

2019-10-24

CVE-2019-11674

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Micro Focus Self Service Password Reset versions prior to 4.4.0.4

Description The issue concerns a man-in-the-middle vulnerability that exploits invalid certificate validation, potentially resulting in a man-in-the-middle attack.

Recommendations For versions prior to 4.4.0.4, update to version 4.4.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Self Service Password Reset feature until the update is applied.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2019-11674

Affected Products

Micro Focus Self Service Password Reset

PT-2019-12472 · Micro Focus · Micro Focus Self Service Password Reset

CVE-2019-11674

Weakness Enumeration

Related Identifiers

Affected Products

References · 3