CVE-2023-33949
CVSS v3.1
7.5 (High)
EPSS
0.08 % (37th)
Affected Products
2
Advisories
1
In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. The portal property company.security.strangers.verify
should be set to true.
Weaknesses
- CWE-1188
- Initialization of a Resource with an Insecure Default
- CVE Status
- PUBLISHED
- CNA
- Liferay Inc.
- Published Date
-
2023-05-24 17:15:09
(16 months ago) - Updated Date
-
2023-05-31 20:16:46
(15 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...