Show plain JSON{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*", "matchCriteriaId": "2DB383E5-7A0E-46A2-AB91-E4536889A6DB", "versionEndExcluding": "7.4.3.100", "versionStartIncluding": "7.4.3.76", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:*", "matchCriteriaId": "7E325115-EEBC-41F4-8606-45270DA40B98", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update77:*:*:*:*:*:*", "matchCriteriaId": "848B2C72-447D-46E2-A5A7-43CF3764E578", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update78:*:*:*:*:*:*", "matchCriteriaId": "26A0AF15-52A9-46FD-8157-359141332EAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update79:*:*:*:*:*:*", "matchCriteriaId": "63D63872-C1D0-444F-BCC7-A514F323C256", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update80:*:*:*:*:*:*", "matchCriteriaId": "9D9FA9AD-39D3-412A-B794-E1B29EEEEC4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:*", "matchCriteriaId": "294D8A56-A797-433C-A06E-106B2179151A", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:*", "matchCriteriaId": "824D88D9-4645-4CAD-8CAB-30F27DD388C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:*", "matchCriteriaId": "F6E8C952-B455-46E4-AC3D-D38CAF189F60", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:*", "matchCriteriaId": "CD77C0EE-AC79-4443-A502-C1E02F806911", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:*", "matchCriteriaId": "648EB53C-7A90-4DA6-BF1C-B5336CDE30C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update86:*:*:*:*:*:*", "matchCriteriaId": "39835EF7-8E93-4695-973D-6E9B76C67372", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update87:*:*:*:*:*:*", "matchCriteriaId": "2A05FB86-332B-44E3-93CB-82465A38976E", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update88:*:*:*:*:*:*", "matchCriteriaId": "7C754823-899C-4EEF-ACB7-E1551FA88B25", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update89:*:*:*:*:*:*", "matchCriteriaId": "493D4C18-DEE2-4040-9C13-3A9AB2CE47BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update90:*:*:*:*:*:*", "matchCriteriaId": "8F17DD75-E63B-4E4C-B136-D43F17B389EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update91:*:*:*:*:*:*", "matchCriteriaId": "62EE759A-78AD-40D6-8C5B-10403A8A4A89", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update92:*:*:*:*:*:*", "matchCriteriaId": "865ABA1F-CA99-4602-B325-F81C9778855C", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7B3A5E2-23CE-45A8-BD01-77024EB9F9A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1EF6451A-2A5D-4222-A1C6-113AA4B8D4E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q3.2:*:*:*:*:*:*:*", "matchCriteriaId": "9D6CE430-3C95-4855-BA44-E2E136D1FEB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q3.3:*:*:*:*:*:*:*", "matchCriteriaId": "44FEB149-C792-493D-B055-568FFC96298A", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B050DD73-71B6-46CD-A35B-7ACB53BE6C6A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user\u2019s hashed password in the page\u2019s HTML source, which allows man-in-the-middle attackers to steal a user's hashed password."}, {"lang": "es", "value": "La p\u00e1gina Configuraci\u00f3n de Cuenta en Liferay Portal 7.4.3.76 a 7.4.3.99, y Liferay DXP 2023.Q3 antes del parche 5, y 7.4 actualizaci\u00f3n 76 a 92 incorpora la contrase\u00f1a hash del usuario en el c\u00f3digo fuente HTML de la p\u00e1gina, lo que permite al hombre en el atacantes intermedios para robar la contrase\u00f1a hash de un usuario."}], "id": "CVE-2024-26270", "lastModified": "2025-01-28T21:25:41.420", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@liferay.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-20T14:15:09.530", "references": [{"source": "security@liferay.com", "tags": ["Vendor Advisory"], "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26270"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26270"}], "sourceIdentifier": "security@liferay.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-201"}], "source": "security@liferay.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]} 
ReportizFlow
MITRE
Vulnrichment
NVD
Redhat