Cybersecurity Alerts

Actively Exploited Vulnerabilities

← Back to Cybersecurity Alerts

CVE-2021-32648

October CMS | October CMSAdded 2022-01-18Remediation Deadline 2022-02-01

October CMS Improper Authentication

In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-287

References