CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Feb 1, 2022

CVE-2021-32648

High

EPSS 93.1%CISA KEV

Description

In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request.

EPSS — Exploit Probability

93.1%

Higher than 99.8% of all CVEs

Required Action

https://nvd.nist.gov/vuln/detail/CVE-2021-32648

Risk Assessment

HIGH

In CISA KEV

High EPSS

Details

Severity: High
EPSS: 93.1%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Jan 18, 2022

Added to KEV

Jan 18, 2022

Remediation Due

Feb 1, 2022

Affected Product

October CMS

View all October CMS CVEs

External Links

NVD (NIST)CVE Details MITRE CVE