All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2021-32648
NONEKEVpublish date unavailable
CVSS / 10
// description
In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request.
// required action (CISA KEV)
Apply updates per vendor instructions.
added 2022-01-18 00:00 UTC