CVE-2024-25605

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Feb 20, 2024

CWE ID 276

Summary

CVE-2024-25605 is a vulnerability affecting Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, as well as Liferay DXP 7.4.13, 7.3 before service pack 3, and older unsupported versions. This issue lies in the Journal module, which inadvertently grants guest users view permission to web content templates by default. Consequently, attackers can remotely access any template through the user interface or API, posing a significant security risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ucplOo
https://www.cve.org/CVERecord?id=CVE-2024-25605
https://nvd.nist.gov/vuln/detail/CVE-2024-25605

Back to Vulnerability Database

CVE-2024-25605

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations