CVSS 3.1 Score 5.3 of 10 (medium)


Published Feb 20, 2024
CWE ID 203


CVE-2024-26268 is a user enumeration vulnerability found in Liferay Portal 7.2.0 through, as well as older unsupported versions, and Liferay DXP 7.4 prior to update 27, 7.3 prior to update 8, and 7.2 prior to fix pack 20, along with older unsupported versions. This vulnerability allows remote attackers to determine the existence of an account within the application by comparing the response time of a request. The base severity of this vulnerability is rated as MEDIUM with a base score of 5.3 according to the CVSS:3.1 scoring system. The potential danger posed by this vulnerability includes possible unauthorized access and compromise of sensitive information within an organization's Liferay Portal or Liferay DXP installation. Remediation for this vulnerability involves updating to the latest supported version or applying the necessary fix packs or updates provided by Liferay to address the issue.

Note: The provided summary is based on the information given in the text and does not contain any additional analysis or opinions from external sources or personal bias.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-26268 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options