Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-47798

Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked.

Published

2024-02-08T03:15:07.367

Last Modified

2024-11-21T08:30:49.593

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-384
  • Type: Primary
    CWE-384
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application liferay digital_experience_platform < 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay liferay_portal < 7.3.0 Yes
References