Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked.
References
Link | Resource |
---|---|
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-47798 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
03 Oct 2024, 18:13
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_3:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:-:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_1:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_2:*:*:*:*:*:* cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_4:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.6 |
First Time |
Liferay liferay Portal
Liferay digital Experience Platform Liferay |
|
References | () https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-47798 - Vendor Advisory |
08 Feb 2024, 03:29
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-08 03:15
Updated : 2024-10-03 18:13
NVD link : CVE-2023-47798
Mitre link : CVE-2023-47798
CVE.ORG link : CVE-2023-47798
JSON object : View
Products Affected
liferay
- liferay_portal
- digital_experience_platform
CWE
CWE-384
Session Fixation