CVE-2023-47798

Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:-:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_1:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_2:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_3:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_4:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*

History

03 Oct 2024, 18:13

Type Values Removed Values Added
CPE cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_3:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:-:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_1:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_2:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_4:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 5.4
v2 : unknown
v3 : 4.6
First Time Liferay liferay Portal
Liferay digital Experience Platform
Liferay
References () https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-47798 - () https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-47798 - Vendor Advisory

08 Feb 2024, 03:29

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-08 03:15

Updated : 2024-10-03 18:13


NVD link : CVE-2023-47798

Mitre link : CVE-2023-47798

CVE.ORG link : CVE-2023-47798


JSON object : View

Products Affected

liferay

  • liferay_portal
  • digital_experience_platform
CWE
CWE-384

Session Fixation