Web: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36106

Sept. 13, 2022, 6:15 p.m. |

National Vulnerability Database nist.gov

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds …

cve

Cybersecurity Engineer

@ Apercen Partners LLC | Folsom, CA

IDM Sr. Security Developer

@ The Ohio State University | Columbus, OH, United States

IT Security Engineer

@ Stylitics | New York City

Information Security Engineer

@ VDA Labs | Remote

Information Security Analyst

@ Metropolitan Transportation Commission | San Francisco, CA

Manager, DT GRC (Governance, Risk, And compliance)

@ ServiceNow | Austin, Texas, United States

Associate Threat Intelligence Response Analyst

@ Recorded Future, Inc. | London, UK

Security Engineer - Product Security

@ Riot Games, Inc. | Los Angeles, USA

Senior DevSecOps Engineer - HYBRID

@ Sigma Defense | San Diego, California, United States

Senior Cloud Security Engineer (f/m/d)

@ ecosio | Vienna, Austria

Information Systems Security Manger (ISSM)

@ Scientific Systems Company, Inc. | Woburn, Massachusetts, United States

Cyber Assurance Manager

@ Tesco Bengaluru | Bengaluru, India