ReportizFlow
The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attackers to view any template via the UI or API.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Liferay |
|
Configuration 1 [-]
|
No data.
References
History
Thu, 24 Apr 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Liferay dxp
Liferay portal |
|
| CPEs | cpe:2.3:a:liferay:dxp:-:*:*:*:*:*:*:* cpe:2.3:a:liferay:portal:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Liferay dxp
Liferay portal |
|
| Metrics |
ssvc
|
Tue, 10 Dec 2024 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Liferay
Liferay digital Experience Platform Liferay liferay Portal |
|
| CPEs | cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:-:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_10:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_11:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_12:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_13:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_14:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_15:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_16:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_1:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_2:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_3:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_4:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_5:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_6:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_7:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_8:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_9:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_1:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_2:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_3:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_4:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_5:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.3:-:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_1:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_2:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.3:service_pack_1:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:* cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Liferay
Liferay digital Experience Platform Liferay liferay Portal |
MITRE
Status: PUBLISHED
Assigner: Liferay
Published: 2024-02-20T08:51:32.953Z
Updated: 2025-04-24T15:05:21.654Z
Reserved: 2024-02-08T13:57:11.425Z
Link: CVE-2024-25605
Vulnrichment
Updated: 2024-08-01T23:44:09.695Z
NVD
Status : Analyzed
Published: 2024-02-20T09:15:09.323
Modified: 2024-12-10T22:20:47.737
Link: CVE-2024-25605
Redhat
No data.