CVE-2021-29047

Опубликовано: 16 мая 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer.

Ссылки

http://liferay.com
Vendor Advisory
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743467
Vendor Advisory
http://liferay.com
Vendor Advisory
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743467
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:liferay:dxp:*:*:*:*:*:*:*:*

Версия до 7.3 (исключая)

cpe:2.3:a:liferay:dxp:7.3:-:*:*:*:*:*:*

cpe:2.3:a:liferay:liferay_portal:7.3.4:*:*:*:*:*:*:*

cpe:2.3:a:liferay:liferay_portal:7.3.5:*:*:*:*:*:*:*

EPSS

Процентиль: 52%

0.00288

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-9mxg-p873-6793