CVE-2022-41414 — MEDIUM (5.3)

Q: What is CVE-2022-41414?

CVE-2022-41414 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages.

Q: How severe is CVE-2022-41414?

CVE-2022-41414 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-41414?

Check the references section above for vendor advisories and patch information. Affected products include: Liferay Liferay Portal.

Vulnerability Description

An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Liferay	Liferay Portal	>= 7.0.0, <= 7.4.2

Related Weaknesses (CWE)

CWE-276

References

https://portal.liferay.dev/learn/security/known-vulnerabilitiesNot Applicable
https://portal.liferay.dev/learn/security/known-vulnerabilitiesNot Applicable

FAQ

What is CVE-2022-41414?

CVE-2022-41414 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages.

How severe is CVE-2022-41414?

CVE-2022-41414 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-41414?

Check the references section above for vendor advisories and patch information. Affected products include: Liferay Liferay Portal.