CVE-2020-25837

HIGH

Micro Focus Self Service Password Reset 4.4.0.0-4.4.0.6 and 4.5.0.1-4.5.0.2 - Sensitive Information Disclosure

Title source: llm

Description

Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information.

References (1)

Core 1

Core References

Various Sources x_refsource_misc

https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p7/data/release-notes-sspr-44-p7.html

Scores

CVSS v3 7.5

EPSS 0.0032

EPSS Percentile 54.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published

Products (1)

microfocus/self_service_password_reset 4.4.0.0 - 4.4.0.6

Published Nov 05, 2020

Tracked Since Feb 18, 2026