Security Advisory

CVE-2026-32865

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-19 15:47:59

Last updated 2026-03-19 18:20:51

Assigner cisa-cg

State PUBLISHED

Description

OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via ForcePasswordReset.aspx. An attacker who knows an existing users email address can reset the users password and security questions. Existing security questions are not asked during the process.

← Browse all CVEs View on cve.org ↗