Typo3 · Typo3 · CVE-2022-36106
**Name of the Vulnerable Software and Affected Versions**
TYPO3 versions prior to 10.4.32
TYPO3 versions prior to 11.5.16
**Description**
The expiration time of a password reset link for TYPO3 backend users has never been evaluated, allowing a password reset link to be used even after the default expiry time of two hours has been exceeded.
**Recommendations**
Update to TYPO3 version 10.4.32 or later.
Update to TYPO3 version 11.5.16 or later.