Количество 2
Количество 2
CVE-2021-33322
In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 18, and 7.2 before fix pack 5, password reset tokens are not invalidated after a user changes their password, which allows remote attackers to change the user’s password via the old password reset token.
GHSA-vwj8-4grf-3r8v
Liferay Portal and Liferay DXP fails to invalidate password reset tokens after use
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-33322 In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 18, and 7.2 before fix pack 5, password reset tokens are not invalidated after a user changes their password, which allows remote attackers to change the user’s password via the old password reset token. | CVSS3: 7.5 | 0% Низкий | больше 4 лет назад |
| GHSA-vwj8-4grf-3r8v Liferay Portal and Liferay DXP fails to invalidate password reset tokens after use | CVSS3: 7.5 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу