ReportizFlow
Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. This vulnerability occurs if locale.prepend.friendly.url.style=2 and if a custom 404 page is used.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Liferay |
|
Configuration 1 [-]
|
No data.
References
History
Thu, 15 May 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 13 May 2025 18:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Liferay digital Experience Platform
|
|
| CPEs | cpe:2.3:a:liferay:dxp:7.2:fix_pack_10:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.2:fix_pack_11:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.2:fix_pack_12:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.2:fix_pack_13:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.2:fix_pack_14:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.2:fix_pack_15:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.2:fix_pack_16:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.2:fix_pack_17:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.2:fix_pack_1:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.2:fix_pack_2:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.2:fix_pack_3:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.2:fix_pack_4:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.2:fix_pack_5:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.2:fix_pack_6:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.2:fix_pack_7:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.2:fix_pack_8:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.2:fix_pack_9:*:*:*:*:*:* |
cpe:2.3:a:liferay:digital_experience_platform:7.2:-:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_10:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_11:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_12:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_13:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_14:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_15:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_16:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_17:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_1:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_2:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_3:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_4:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_5:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_6:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_7:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_8:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_9:*:*:*:*:*:* |
| Vendors & Products |
Liferay digital Experience Platform
|
MITRE
Status: PUBLISHED
Assigner: Liferay
Published: 2024-02-08T03:36:07.512Z
Updated: 2025-05-15T19:40:55.792Z
Reserved: 2024-02-06T10:32:42.567Z
Link: CVE-2024-25146
Vulnrichment
Updated: 2024-08-01T23:36:21.804Z
NVD
Status : Modified
Published: 2024-02-08T04:15:08.040
Modified: 2025-05-13T18:17:51.450
Link: CVE-2024-25146
Redhat
No data.