Home > Vulnerability Database > CVE-2024-25605

Mend.io Vulnerability Database

CVE-2024-25605

Good to know:

Date: February 20, 2024

The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attackers to view any template via the UI or API.

Language: Java

Severity Score

5.3

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-25605

Url: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25605

Url: https://www.mend.io/vulnerability-database/CVE-2024-25605

Severity Score

5.3

Weakness Type (CWE)

Incorrect Default Permissions

CWE-276

Top Fix

Upgrade Version

Upgrade to version com.liferay:com.liferay.template.web:1.0.10

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-25605

Good to know:

Date: February 20, 2024

Language: Java

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?