Description

Forgotten password reset functionality for local accounts can be used to bypass local authentication checks.

Remediation

References

CVE-2021-27654

Related Vulnerabilities

WebLogic CVE-2021-2394 Vulnerability (CVE-2021-2394)
MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5615)
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-2901)
Envoy Proxy Reachable Assertion Vulnerability (CVE-2024-32475)
Play Framework Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-13864)

Severity

High

Classification

CVE-2021-27654
CWE-640
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update
Known Vulnerabilities