CVE-2024-26268

Summary

CVE-2024-26268 is a user enumeration vulnerability found in Liferay Portal 7.2.0 through 7.4.3.26, as well as older unsupported versions, and Liferay DXP 7.4 prior to update 27, 7.3 prior to update 8, and 7.2 prior to fix pack 20, along with older unsupported versions. This vulnerability allows remote attackers to determine the existence of an account within the application by comparing the response time of a request. The base severity of this vulnerability is rated as MEDIUM with a base score of 5.3 according to the CVSS:3.1 scoring system. The potential danger posed by this vulnerability includes possible unauthorized access and compromise of sensitive information within an organization's Liferay Portal or Liferay DXP installation. Remediation for this vulnerability involves updating to the latest supported version or applying the necessary fix packs or updates provided by Liferay to address the issue. Note: The provided summary is based on the information given in the text and does not contain any additional analysis or opinions from external sources or personal bias.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.