CVE-2024-26268
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by comparing the request's response time.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Liferay | Portal | 7.2.0 <= 7.4.3.26 | affected |
| Liferay | DXP | 7.4.13 <= 7.4.13.u26 | affected |
| Liferay | DXP | 7.3.10 <= 7.3.10.u7 | affected |
| Liferay | DXP | 7.2.10 <= 7.2.10-dxp-19 | affected |
Weaknesses
- CWE-203: CWE-203 Observable Discrepancy
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.