← Back

CVE-2024-26268

nvd nist
Published: Feb 20, 2024Modified: Jan 28, 2025

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by comparing the request's response time.

Affected (66)

Liferay
2 products
Liferay Portal
Digital Experience Platform
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Liferay
Liferay Portal
Up to 7.3.7
Liferay Portal
From 7.4.0 to 7.4.3.27
Configuration B
64 vulnerable
Vulnerable SoftwareAffected Versions
Liferay
Digital Experience Platform
Before 7.2
Digital Experience Platform
Version 7.2
Digital Experience Platform
Version 7.2 fix_pack_10
Digital Experience Platform
Version 7.2 fix_pack_11
Digital Experience Platform
Version 7.2 fix_pack_12
Digital Experience Platform
Version 7.2 fix_pack_13
Digital Experience Platform
Version 7.2 fix_pack_14
Digital Experience Platform
Version 7.2 fix_pack_15
Digital Experience Platform
Version 7.2 fix_pack_16
Digital Experience Platform
Version 7.2 fix_pack_17
Digital Experience Platform
Version 7.2 fix_pack_18
Digital Experience Platform
Version 7.2 fix_pack_19
Digital Experience Platform
Version 7.2 fix_pack_1
Digital Experience Platform
Version 7.2 fix_pack_2
Digital Experience Platform
Version 7.2 fix_pack_3
Digital Experience Platform
Version 7.2 fix_pack_4
Digital Experience Platform
Version 7.2 fix_pack_5
Digital Experience Platform
Version 7.2 fix_pack_6
Digital Experience Platform
Version 7.2 fix_pack_7
Digital Experience Platform
Version 7.2 fix_pack_8
Digital Experience Platform
Version 7.2 fix_pack_9
Digital Experience Platform
Version 7.2 service_pack_1
Digital Experience Platform
Version 7.2 service_pack_2
Digital Experience Platform
Version 7.2 service_pack_3
Digital Experience Platform
Version 7.2 service_pack_4
Digital Experience Platform
Version 7.2 service_pack_5
Digital Experience Platform
Version 7.2 service_pack_6
Digital Experience Platform
Version 7.2 service_pack_7
Digital Experience Platform
Version 7.3
Digital Experience Platform
Version 7.3 fix_pack_1
Digital Experience Platform
Version 7.3 fix_pack_2
Digital Experience Platform
Version 7.3 service_pack_1
Digital Experience Platform
Version 7.3 service_pack_3
Digital Experience Platform
Version 7.3 update4
Digital Experience Platform
Version 7.3 update5
Digital Experience Platform
Version 7.3 update6
Digital Experience Platform
Version 7.3 update7
Digital Experience Platform
Version 7.4
Digital Experience Platform
Version 7.4 update10
Digital Experience Platform
Version 7.4 update11
Digital Experience Platform
Version 7.4 update12
Digital Experience Platform
Version 7.4 update13
Digital Experience Platform
Version 7.4 update14
Digital Experience Platform
Version 7.4 update15
Digital Experience Platform
Version 7.4 update16
Digital Experience Platform
Version 7.4 update17
Digital Experience Platform
Version 7.4 update18
Digital Experience Platform
Version 7.4 update19
Digital Experience Platform
Version 7.4 update1
Digital Experience Platform
Version 7.4 update20
Digital Experience Platform
Version 7.4 update21
Digital Experience Platform
Version 7.4 update22
Digital Experience Platform
Version 7.4 update23
Digital Experience Platform
Version 7.4 update24
Digital Experience Platform
Version 7.4 update25
Digital Experience Platform
Version 7.4 update26
Digital Experience Platform
Version 7.4 update2
Digital Experience Platform
Version 7.4 update3
Digital Experience Platform
Version 7.4 update4
Digital Experience Platform
Version 7.4 update5
Digital Experience Platform
Version 7.4 update6
Digital Experience Platform
Version 7.4 update7
Digital Experience Platform
Version 7.4 update8
Digital Experience Platform
Version 7.4 update9

Related CWEs

CWE-203
Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References (2)

Source: security@liferay.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.