How severe is CVE-2022-36106?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2022-36106?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2022-36106 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue.

Related Vulnerabilities

CVE-2017-3795

MEDIUM

CVSS:5.4(Medium)

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. Kn...

CWE-2872017

CVE-2017-6617

MEDIUM

CVSS:5.4(Medium)

A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to h...

CWE-2872017

CVE-2018-1999045

MEDIUM

CVSS:5.4(Medium)

A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to ...

CWE-2872018

CVE-2019-15617

MEDIUM

CVSS:5.4(Medium)

A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login.

CWE-2872019

CVE-2020-12848

MEDIUM

CVSS:5.4(Medium)

In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous us...

CWE-2872020

CVE-2021-20578

MEDIUM

CVSS:5.4(Medium)

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199...

CWE-2872021