PT-2024-13496 · Liferay · Liferay Portal+1

Published 2024-02-08 · Updated 2024-10-03 · CVE-2023-47798

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Liferay Portal versions 7.2.0 through 7.3.0
Liferay DXP 7.2 before fix pack 5

Description

When an account lockout happens in the affected software, existing user sessions are not invalidated. This allows remote authenticated users to remain authenticated after their account has been locked.

Recommendations

For Liferay Portal versions 7.2.0 through 7.3.0, update to a version that includes the fix for this issue.
For Liferay DXP 7.2, apply fix pack 5 or later to resolve the issue.

Fix

Session Fixation

Weakness Enumeration

Related Identifiers

CVE-2023-47798
GHSA-2MX7-XVFG-FG53

Affected Products

Liferay DXP
Liferay Portal