CVE-2024-25604

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 20, 2024
CWE ID 863

Summary

CVE-2024-25604 is a vulnerability affecting Liferay Portal versions 7.2.0 through 7.4.3.4, and older unsupported editions, as well as Liferay DXP versions 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions. The issue stems from insufficient user permission checks, which permit remote, authenticated users holding the VIEW user permission to edit their own permissions via the User and Organizations section of the Control Panel. An attacker can use this flaw to escalate privileges on affected portals.
