cbcvebase.
CVE-2020-11063
published 2020-05-13

CVE-2020-11063: In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users…

PriorityP415low3.7CVSS 3.1
AVNACHPRNUINSUCLINAN
EPSS
1.19%
64.0th percentile
In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2.

Affected

5 ranges
VendorProductVersion rangeFixed in
typo3cms>= 10.0.0 < 10.4.210.4.2
typo3cms-core>= 10.0.0 < 10.4.210.4.2
typo3typo3
typo3typo3
typo3typo3_cms

CVSS provenance

nvdv3.13.7LOWCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.