CVE-2024-25606

Published at:
2024-02-20T09:15:09.533
Source: [email protected]

Global infos:

XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported versions allows attackers with permission to deploy widgets/portlets/extensions to obtain sensitive information or consume system resources via the Java2WsddTask._format method.

CVE Status: Analyzed

References:

  • [email protected]
  • af854a3a-2127-422b-91ae-364da2661108
    •

    Metrics:

    AttributeValue
    Attack ComplexityHIGH
    Attack VectorNETWORK
    Availability ImpactHIGH
    Base Score8
    Base SeverityHIGH
    Confidentiality ImpactHIGH
    Integrity ImpactHIGH
    Privileges RequiredHIGH
    ScopeCHANGED
    User InteractionNONE
    Vector StringCVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
    Exploitability Score1.3
    Impact Score6
    Source[email protected]
    TypeSecondary

    Links:

    Exploit-db
    Github

    Most recherched CVEs
    Popular Keywords