CVE-2021-32648: October CMS Improper Authentication. In affected versions
October CMS Improper Authentication. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request.
- CISA KEV-listed (remediation due 2022-02-01)
- EPSS 93.0% (99.8% percentile)