1. Home
  2. CVE Database
  3. CVE-2024-26268
MEDIUM · 5.3

CVE-2024-26268

User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older un...

Vulnerability Description

User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by comparing the request's response time.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
LiferayLiferay Portal<= 7.3.7
LiferayDigital Experience Platform< 7.2

Related Weaknesses (CWE)

CWE-203

References

FAQ

What is CVE-2024-26268?

CVE-2024-26268 is a vulnerability with a CVSS score of 5.3 (MEDIUM). User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older un...

How severe is CVE-2024-26268?

CVE-2024-26268 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-26268?

Check the references section above for vendor advisories and patch information. Affected products include: Liferay Liferay Portal, Liferay Digital Experience Platform.