CVE-2020-11850 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.3 HIGH	NETWORK	HIGH	HIGH	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
OpenText	CNA	7.3 HIGH	NETWORK	HIGH	HIGH	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 39%

Affected Products (NVD)

Vendor	Product	Version
opentext	self_service_password_reset	𝑥 < 4.5.0.2
opentext	self_service_password_reset	𝑥 < 4.4.0.6
microfocus	netiq_self_service_password_reset	𝑥 < 4.4
microfocus	netiq_self_service_password_reset	4.4
microfocus	netiq_self_service_password_reset	4.4:update_1
microfocus	netiq_self_service_password_reset	4.4:update_2
microfocus	netiq_self_service_password_reset	4.4:update_3
microfocus	netiq_self_service_password_reset	4.4:update_4
microfocus	netiq_self_service_password_reset	4.4:update_5
microfocus	netiq_self_service_password_reset	4.5
microfocus	netiq_self_service_password_reset	4.5:update_1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

https://www.netiq.com/documentation/self-service-password-reset-45/sspr-4502-release-notes/data/sspr-4502-release-notes.html#b149gz5h